@pooflabs/web 0.0.47-rc.2 → 0.0.47-rc.3

package/dist/{index-BUuISZtf.esm.js → index-Dumc6uKc.esm.js}

@@ -13282,6 +13282,24 @@ function loginViaPopup() {
 const VALID_PROVIDERS = ['injected', 'google', 'apple', 'deeplink'];
 // Storage key for preserving the original path before OAuth redirect
 const PHANTOM_ORIGINAL_PATH_KEY = 'phantom_oauth_original_path';
+// Cookie name for storing the return origin when using an OAuth redirect proxy
+const AUTH_RETURN_COOKIE = 'tarobase_auth_return';
+/**
+ * Store the current origin in a cookie on the parent domain so an OAuth redirect
+ * proxy page can relay back to this app after the OAuth flow completes.
+ */
+function storeReturnOrigin() {
+    if (typeof window === 'undefined' || typeof document === 'undefined')
+        return;
+    const origin = window.location.origin;
+    // Derive parent domain (e.g., foo-preview.poof.new → .poof.new)
+    const parts = window.location.hostname.split('.');
+    const domain = parts.length >= 2 ? '.' + parts.slice(-2).join('.') : window.location.hostname;
+    try {
+        document.cookie = `${AUTH_RETURN_COOKIE}=${encodeURIComponent(origin)}; domain=${domain}; path=/; max-age=300; SameSite=None; Secure`;
+    }
+    catch (_a) { }
+}
 /**
  * Check if the current URL contains Phantom OAuth callback parameters.
  * Phantom uses various params like phantom_encryption_public_key, data, nonce for deeplink callbacks,
@@ -13405,6 +13423,15 @@ function getEffectiveRedirectUrl(configuredRedirectUrl) {
     }
     // If explicitly configured, use that
     if (configuredRedirectUrl) {
+        // If redirecting to a different origin (proxy), store a cookie so the
+        // proxy page knows where to relay the OAuth params back to
+        try {
+            const redirectOrigin = new URL(configuredRedirectUrl).origin;
+            if (redirectOrigin !== window.location.origin) {
+                storeReturnOrigin();
+            }
+        }
+        catch (_a) { }
         return configuredRedirectUrl;
     }
     // Default to origin (base URL) - this is safer than using the full href
@@ -13431,7 +13458,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            import('./index-C26G4SZ4.esm.js')
+            import('./index-DOuGYz_U.esm.js')
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -34809,4 +34836,4 @@ async function getIdToken() {
 }
 
 export { useAuth as A, getIdToken as B, PrivyWalletProvider as C, DEFAULT_TEST_ADDRESS as D, EventEmitter4 as E, buildSetDocumentsTransaction as F, clearCache as G, closeAllSubscriptions as H, convertRemainingAccounts as I, createSessionWithPrivy as J, createSessionWithSignature as K, genAuthNonce as L, MockAuthProvider as M, genSolanaMessage as N, OffchainAuthProvider as O, PhantomWalletProvider as P, getCachedData as Q, reconnectWithNewAuth as R, ServerSessionManager as S, refreshSession as T, signSessionCreateMessage as U, WebSessionManager as W, bs58 as a, bufferExports as b, commonjsRequire as c, onAuthLoadingChanged as d, getAuthLoading as e, logout as f, getCurrentUser as g, getConfig as h, init as i, getAuthProvider as j, get$2 as k, login as l, setMany as m, setFile as n, onAuthStateChanged as o, getFiles as p, runQuery as q, require$$0$1 as r, set$1 as s, runQueryMany as t, runExpression as u, runExpressionMany as v, signMessage as w, signTransaction as x, signAndSubmitTransaction as y, subscribe as z };
-//# sourceMappingURL=index-BUuISZtf.esm.js.map
+//# sourceMappingURL=index-Dumc6uKc.esm.js.map