(origin: string, token: string | null)
| 362 | }; |
| 363 | |
| 364 | const installBearerAuthHeader = (origin: string, token: string | null) => { |
| 365 | authHeaderUnsubscribe?.(); |
| 366 | authHeaderUnsubscribe = null; |
| 367 | if (!token) return; |
| 368 | const headerValue = `Bearer ${token}`; |
| 369 | session.defaultSession.webRequest.onBeforeSendHeaders( |
| 370 | { urls: [`${origin}/*`] }, |
| 371 | (details, callback) => { |
| 372 | // Scope the bearer to the app's OWN renderer. OAuth popups run in this same |
| 373 | // session but load third-party provider pages; auto-attaching the bearer to |
| 374 | // any request they make to the sidecar would make it an ambient credential |
| 375 | // (a CSRF vector) for untrusted content — the very thing the bearer model |
| 376 | // exists to avoid. The popup only ever needs the bearer-exempt |
| 377 | // /oauth/callback and hands its result back via same-origin browser |
| 378 | // channels (localStorage/postMessage), so withholding the bearer from any |
| 379 | // non-app webContents is safe. Requests with no webContentsId (main |
| 380 | // process / network service) still get it. |
| 381 | const fromOtherWebContents = |
| 382 | details.webContentsId !== undefined && |
| 383 | (mainWindow === null || details.webContentsId !== mainWindow.webContents.id); |
| 384 | if (fromOtherWebContents) { |
| 385 | callback({ requestHeaders: details.requestHeaders }); |
| 386 | return; |
| 387 | } |
| 388 | callback({ |
| 389 | requestHeaders: { |
| 390 | ...details.requestHeaders, |
| 391 | Authorization: headerValue, |
| 392 | }, |
| 393 | }); |
| 394 | }, |
| 395 | ); |
| 396 | authHeaderUnsubscribe = () => { |
| 397 | session.defaultSession.webRequest.onBeforeSendHeaders({ urls: [`${origin}/*`] }, null); |
| 398 | }; |
| 399 | }; |
| 400 | |
| 401 | /** |
| 402 | * Resolve the on-disk path to the Executor app icon. Packaged builds get |
no test coverage detected