Verify SSO window message origin (#2686)

2026-02-23 12:38:25 +05:30 · 2026-02-23 12:38:25 +05:30 · ed0ad61bc4
commit ed0ad61bc4
parent b2cb717178
1 changed files with 7 additions and 2 deletions
--- a/src/app/components/uia-stages/SSOStage.tsx
+++ b/src/app/components/uia-stages/SSOStage.tsx
@ -26,7 +26,12 @@ export function SSOStage({

  useEffect(() => {
    const handleMessage = (evt: MessageEvent) => {
-      if (ssoWindow && evt.data === 'authDone' && evt.source === ssoWindow) {
+      if (
+        evt.origin === new URL(ssoRedirectURL).origin &&
+        ssoWindow &&
+        evt.data === 'authDone' &&
+        evt.source === ssoWindow
+      ) {
        ssoWindow.close();
        setSSOWindow(undefined);
        handleSubmit();
@ -37,7 +42,7 @@ export function SSOStage({
    return () => {
      window.removeEventListener('message', handleMessage);
    };
-  }, [ssoWindow, handleSubmit]);
+  }, [ssoWindow, handleSubmit, ssoRedirectURL]);

  return (
    <Dialog>