Dynamic Frontend Domain Redirection for OAuth#24
Conversation
- Update frontend to send current origin in \`returnTo\` param. - Update backend OAuth routes to pass \`returnTo\` via \`state\` param and dynamically redirect based on it. - Enhance security by validating the requested redirect origin against \`ALLOWED_ORIGINS\` and \`FRONTEND_URL\`. - Update backend CORS config to dynamically allow requests from multiple trusted domains.
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
1 participant
Fixes an issue where users logging in via Google OAuth from a newly registered domain were incorrectly redirected back to the old, hardcoded domain.
The backend now dynamically identifies the frontend origin and redirects to it, while validating it against an allowed list to prevent Open Redirect vulnerabilities. CORS configuration has also been improved to support multiple allowed frontend origins.
PR created automatically by Jules for task 17772742735553962049 started by @TheShahnawaaz