@farcaster/snap-hono 1.4.10 → 1.5.0

package/dist/index.js

@@ -116,7 +116,10 @@ export function registerSnapHandler(app, snapFn, options = {}) {
         const skipJFSVerification = options.skipJFSVerification !== undefined
             ? options.skipJFSVerification
             : envSkipJFSVerification();
-        const parsed = await parseRequest(raw, { skipJFSVerification });
+        const parsed = await parseRequest(raw, {
+            skipJFSVerification,
+            requestOrigin: snapOriginFromRequest(raw),
+        });
         if (!parsed.success) {
             const err = parsed.error;
             switch (err.type) {
@@ -127,6 +130,7 @@ export function registerSnapHandler(app, snapFn, options = {}) {
                 case "validation":
                     return c.json({ error: "invalid POST body", issues: err.issues }, 400);
                 case "replay":
+                case "origin_mismatch":
                     return c.json({ error: err.message }, 400);
                 case "signature":
                     return c.json({ error: err.message }, 401);
@@ -202,14 +206,15 @@ async function getFallbackHtml(request, snapFn, ogImageUrl, openGraph) {
 }
 function snapOriginFromRequest(request) {
     const fromEnv = process.env.SNAP_PUBLIC_BASE_URL?.trim();
-    if (fromEnv)
-        return fromEnv.replace(/\/$/, "");
-    const proto = request.headers.get("x-forwarded-proto")?.trim() || "https";
-    const host = request.headers.get("x-forwarded-host")?.trim() ||
-        request.headers.get("host")?.trim();
-    if (host)
-        return `${proto}://${host}`.replace(/\/$/, "");
-    return "https://docs.farcaster.xyz/snap";
+    if (fromEnv) {
+        try {
+            return new URL(fromEnv).origin;
+        }
+        catch {
+            return fromEnv.replace(/\/$/, "");
+        }
+    }
+    return new URL(request.url).origin;
 }
 function clientWantsSnapResponse(accept) {
     if (!accept || accept.trim() === "")

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@farcaster/snap-hono",
-  "version": "1.4.10",
+  "version": "1.5.0",
   "description": "Hono integration for Farcaster Snap servers",
   "repository": {
     "type": "git",
@@ -28,7 +28,7 @@
   "dependencies": {
     "@resvg/resvg-wasm": "^2.6.2",
     "satori": "^0.10.0",
-    "@farcaster/snap": "1.15.3"
+    "@farcaster/snap": "1.16.0"
   },
   "peerDependencies": {
     "hono": ">=4.0.0"

package/src/index.ts

@@ -193,7 +193,10 @@ export function registerSnapHandler(
         ? options.skipJFSVerification
         : envSkipJFSVerification();
 
-    const parsed = await parseRequest(raw, { skipJFSVerification });
+    const parsed = await parseRequest(raw, {
+      skipJFSVerification,
+      requestOrigin: snapOriginFromRequest(raw),
+    });
 
     if (!parsed.success) {
       const err = parsed.error;
@@ -208,6 +211,7 @@ export function registerSnapHandler(
             400,
           );
         case "replay":
+        case "origin_mismatch":
           return c.json({ error: err.message }, 400);
         case "signature":
           return c.json({ error: err.message }, 401);
@@ -301,15 +305,15 @@ async function getFallbackHtml(
 
 function snapOriginFromRequest(request: Request): string {
   const fromEnv = process.env.SNAP_PUBLIC_BASE_URL?.trim();
-  if (fromEnv) return fromEnv.replace(/\/$/, "");
-
-  const proto = request.headers.get("x-forwarded-proto")?.trim() || "https";
-  const host =
-    request.headers.get("x-forwarded-host")?.trim() ||
-    request.headers.get("host")?.trim();
-  if (host) return `${proto}://${host}`.replace(/\/$/, "");
+  if (fromEnv) {
+    try {
+      return new URL(fromEnv).origin;
+    } catch {
+      return fromEnv.replace(/\/$/, "");
+    }
+  }
 
-  return "https://docs.farcaster.xyz/snap";
+  return new URL(request.url).origin;
 }
 
 function clientWantsSnapResponse(accept: string | undefined): boolean {