MCPcopy Create free account
hub / github.com/UsefulSoftwareCo/executor / installBearerAuthHeader

Function installBearerAuthHeader

apps/desktop/src/main/index.ts:364–399  ·  view source on GitHub ↗
(origin: string, token: string | null)

Source from the content-addressed store, hash-verified

362};
363
364const installBearerAuthHeader = (origin: string, token: string | null) => {
365 authHeaderUnsubscribe?.();
366 authHeaderUnsubscribe = null;
367 if (!token) return;
368 const headerValue = `Bearer ${token}`;
369 session.defaultSession.webRequest.onBeforeSendHeaders(
370 { urls: [`${origin}/*`] },
371 (details, callback) => {
372 // Scope the bearer to the app's OWN renderer. OAuth popups run in this same
373 // session but load third-party provider pages; auto-attaching the bearer to
374 // any request they make to the sidecar would make it an ambient credential
375 // (a CSRF vector) for untrusted content — the very thing the bearer model
376 // exists to avoid. The popup only ever needs the bearer-exempt
377 // /oauth/callback and hands its result back via same-origin browser
378 // channels (localStorage/postMessage), so withholding the bearer from any
379 // non-app webContents is safe. Requests with no webContentsId (main
380 // process / network service) still get it.
381 const fromOtherWebContents =
382 details.webContentsId !== undefined &&
383 (mainWindow === null || details.webContentsId !== mainWindow.webContents.id);
384 if (fromOtherWebContents) {
385 callback({ requestHeaders: details.requestHeaders });
386 return;
387 }
388 callback({
389 requestHeaders: {
390 ...details.requestHeaders,
391 Authorization: headerValue,
392 },
393 });
394 },
395 );
396 authHeaderUnsubscribe = () => {
397 session.defaultSession.webRequest.onBeforeSendHeaders({ urls: [`${origin}/*`] }, null);
398 };
399};
400
401/**
402 * Resolve the on-disk path to the Executor app icon. Packaged builds get

Callers 4

armSupervisedMonitorFunction · 0.85
createWindowFunction · 0.85
restartSidecarAndReloadFunction · 0.85
registerIpcHandlersFunction · 0.85

Calls 1

callbackFunction · 0.85

Tested by

no test coverage detected