Skip to content

Commit

Permalink
Ensure session param is removed in origin URL
Browse files Browse the repository at this point in the history
  • Loading branch information
@laymonage
laymonage committed Nov 14, 2021
1 parent 8a4eac7 commit 7ddfc2f
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 4 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,13 @@ writing, this is a rolling-release project without any meaningful versioning
whatsoever. Tags/releases may be created for the sole purpose of documenting
major updates to the project.

## 2021-11-14

### changed

- Ensure `session` param is removed in `origin` URL
([#246](https://github.com/giscus/giscus/pull/246)).

## 2021-11-07

### changed
Expand Down
6 changes: 4 additions & 2 deletions lib/utils.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,11 @@ export function getThemeUrl(resolvedTheme: Theme, theme: Theme): Theme {

export function getOriginHost(origin: string) {
try {
return new URL(origin).origin;
const url = new URL(origin);
url.searchParams.delete('session');
return { origin: url.toString(), originHost: url.origin };
} catch (err) {
return '';
return { origin: '', originHost: '' };
}
}

Expand Down
3 changes: 1 addition & 2 deletions pages/widget.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ import { availableLanguages } from '../lib/i18n';
import Router from 'next/router';

export async function getServerSideProps({ query, res }: GetServerSidePropsContext) {
const origin = (query.origin as string) || '';
const session = (query.session as string) || '';
const repo = (query.repo as string) || '';
const term = (query.term as string) || '';
Expand All @@ -27,7 +26,7 @@ export async function getServerSideProps({ query, res }: GetServerSidePropsConte
const reactionsEnabled = Boolean(+query.reactionsEnabled);
const emitMetadata = Boolean(+query.emitMetadata);
const theme = ((query.theme as string) || 'light') as Theme;
const originHost = getOriginHost(origin);
const { origin, originHost } = getOriginHost((query.origin as string) || '');

const { encryption_password } = env;
const token = await decodeState(session, encryption_password)
Expand Down

1 comment on commit 7ddfc2f

@vercel
Copy link

@vercel vercel bot commented on 7ddfc2f Nov 14, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Successfully deployed to the following URLs:

Please sign in to comment.