fix(electron): default allowedRedirectProtocols to the renderer scheme#9043
Conversation
🦋 Changeset detectedLatest commit: 74d00ce The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository YAML (base), Repository UI (inherited) Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthrough
Auto allowedRedirectProtocols for Electron renderer
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
Comment |
@clerk/astro
@clerk/backend
@clerk/chrome-extension
@clerk/clerk-js
@clerk/electron
@clerk/electron-passkeys
@clerk/eslint-plugin
@clerk/expo
@clerk/expo-passkeys
@clerk/express
@clerk/fastify
@clerk/hono
@clerk/localizations
@clerk/nextjs
@clerk/nuxt
@clerk/react
@clerk/react-router
@clerk/shared
@clerk/tanstack-react-start
@clerk/testing
@clerk/ui
@clerk/upgrade
@clerk/vue
commit: |
Description
Small DX win: today apps have to manually set
allowedRedirectProtocols={['<scheme>:']}on<ClerkProvider>so Clerk's prebuilt-UI cross-links aren't rejected (i.e. the sign-up link on the SignIn component and the sign-in link on the SignUp component).This PR makes it zero-config by deriving the scheme from the renderer's own origin (
window.location.protocol, i.e. the scheme registered viacreateClerkBridge) and appending it toallowedRedirectProtocolsinternally by default.The only exception to this new behavior is honoring explicit values (including
[]) which will override.Testing: drop
allowedRedirectProtocolsfrom<ClerkProvider>and confirm in-app cross-links (sign-in ↔ sign-up) on auth components work properly.Checklist
pnpm testruns as expected.pnpm buildruns as expected.Type of change
Summary by CodeRabbit
clerk:).allowedRedirectProtocolssetting, including setting it to none.file:renderers remain unchanged (not auto-allowed), andhttps:defaults are not added automatically.