mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-19 21:00:40 +08:00
9fa7e3b0c3
<!-- Make sure you've read the CONTRIBUTING.md guidelines: https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Invitation flow now derives the invitation link from a provided origin rather than accepting a full callback URL. * **Bug Fixes / Security** * Enforced origin whitelist for invitation redirects to prevent untrusted callback URLs. * **Tests** * Added a test ensuring untrusted callback URLs are rejected with a proper error response. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com> |
||
|---|---|---|
| .. | ||
| __snapshots__ | ||
| auth | ||
| contact-channels | ||
| integrations | ||
| internal | ||
| payments | ||
| api-keys.test.ts | ||
| auth-flows.test.ts | ||
| check-feature-support.test.ts | ||
| connected-accounts.test.ts | ||
| data-vault.test.ts | ||
| email-themes.test.ts | ||
| index.test.ts | ||
| internal-metrics.test.ts | ||
| notification-preferences.test.ts | ||
| oauth-providers.test.ts | ||
| project-permission-definitions.test.ts | ||
| project-permissions.test.ts | ||
| projects.test.ts | ||
| render-email.test.ts | ||
| send-email.test.ts | ||
| stripe-webhooks.test.ts | ||
| team-invitations.test.ts | ||
| team-member-profiles.test.ts | ||
| team-memberships.test.ts | ||
| team-permission-definitions.test.ts | ||
| team-permissions.test.ts | ||
| teams.test.ts | ||
| unsubscribe-link.test.ts | ||
| users.test.ts | ||