Harden OAuth callback postMessage origin and payload encoding
@@ -16,6 +16,10 @@ EXA_API_KEY=your_exa_api_key_here
|
||||
|
||||
# Frontend URL for OAuth callbacks
|
||||
FRONTEND_URL=https://alwrity-ai.vercel.app
|
||||
# Optional comma-separated allowlist of trusted frontend origins used for OAuth callback postMessage targetOrigin.
|
||||
# If unset, FRONTEND_URL origin is used.
|
||||
# Example: OAUTH_CALLBACK_ALLOWED_ORIGINS=https://alwrity-ai.vercel.app,http://localhost:3000
|
||||
OAUTH_CALLBACK_ALLOWED_ORIGINS=
|
||||
|
||||
# OAuth Redirect URIs (Using environment variable for flexibility)
|
||||
GSC_REDIRECT_URI=${FRONTEND_URL}/gsc/callback
|
||||
|
||||
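Review bot: The template ships `OAUTH_CALLBACK_ALLOWED_ORIGINS=` as set-but-empty, while the comment above it documents the `FRONTEND_URL` fallback only for the unset case. The outcome therefore depends on parsing code that is not in this hunk: an empty string has to be treated as unset, never as an empty allowlist or as a wildcard targetOrigin. I would either ship the line commented out, `# OAUTH_CALLBACK_ALLOWED_ORIGINS=`, or reword the comment to `# If unset or empty, FRONTEND_URL origin is used.` The comment should also say that each entry is an exact origin (scheme, host and port, with no path, trailing slash or `*`), assuming the backend compares origins exactly. Finally, the `http://localhost:3000` entry in the example is a development value and should be marked as one, so it is not copied into a production allowlist.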