Skip to content

Enable Dependabot #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Enable Dependabot #2

wants to merge 6 commits into from

Conversation

@exadev
Copy link

@exadev exadev bot commented Jul 7, 2025

Dependabot could be enabled for this repository. Please enable it by merging this pull request so that we can keep our dependencies up to date and secure.

Mearman and others added 6 commits July 5, 2025 18:27
@Mearman
feat: add targetOrigin parameter to outputHTML function
7704c1a 
Add support for specifying a target origin for postMessage calls to improve
security by restricting which origins can receive the authentication messages.
@Mearman
feat: capture referring origin from request headers
c859e21 
Extract the referring origin from the Referer header to determine which
domain initiated the authentication request. This will be used to restrict
postMessage communication to the originating domain.
@Mearman
feat: encode origin in OAuth state parameter
a92074d 
Encode both CSRF token and referring origin in the OAuth state parameter
as base64-encoded JSON. This allows passing the original domain through
the OAuth flow for secure postMessage targeting.
@Mearman
feat: pass targetOrigin in handleAuth error responses
3e551ee 
Add targetOrigin parameter to error responses in the handleAuth function
to ensure error messages are only sent to the originating domain.
@Mearman
feat: decode state and pass targetOrigin in callback handler
aaece55 
- Decode the OAuth state parameter to extract original domain
- Add backward compatibility for old state format
- Pass targetOrigin to all error and success responses in handleCallback
- Ensure postMessage communication is restricted to the originating domain
@exadev
Create/Update dependabot.yaml
5d6a7d6
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jul 7, 2025
edited
Loading

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs		 sveltia-cms-auth 5d6a7d6 Commit Preview URL Jul 07 2025, 07:15 AM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Mearman