npm - @pooflabs/web - Versions diffs - 0.0.47-rc.2 → 0.0.47-rc.3 - Mend

@pooflabs/web 0.0.47-rc.2 → 0.0.47-rc.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/{index-DvYAMJCz.js → index-suqVs0tl.js} RENAMED Viewed

@@ -13302,6 +13302,24 @@ function loginViaPopup() {
 const VALID_PROVIDERS = ['injected', 'google', 'apple', 'deeplink'];
 // Storage key for preserving the original path before OAuth redirect
 const PHANTOM_ORIGINAL_PATH_KEY = 'phantom_oauth_original_path';
+// Cookie name for storing the return origin when using an OAuth redirect proxy
+const AUTH_RETURN_COOKIE = 'tarobase_auth_return';
+/**
+ * Store the current origin in a cookie on the parent domain so an OAuth redirect
+ * proxy page can relay back to this app after the OAuth flow completes.
+ */
+function storeReturnOrigin() {
+    if (typeof window === 'undefined' || typeof document === 'undefined')
+        return;
+    const origin = window.location.origin;
+    // Derive parent domain (e.g., foo-preview.poof.new → .poof.new)
+    const parts = window.location.hostname.split('.');
+    const domain = parts.length >= 2 ? '.' + parts.slice(-2).join('.') : window.location.hostname;
+    try {
+        document.cookie = `${AUTH_RETURN_COOKIE}=${encodeURIComponent(origin)}; domain=${domain}; path=/; max-age=300; SameSite=None; Secure`;
+    }
+    catch (_a) { }
+}
 /**
  * Check if the current URL contains Phantom OAuth callback parameters.
  * Phantom uses various params like phantom_encryption_public_key, data, nonce for deeplink callbacks,
@@ -13425,6 +13443,15 @@ function getEffectiveRedirectUrl(configuredRedirectUrl) {
     }
     // If explicitly configured, use that
     if (configuredRedirectUrl) {
+        // If redirecting to a different origin (proxy), store a cookie so the
+        // proxy page knows where to relay the OAuth params back to
+        try {
+            const redirectOrigin = new URL(configuredRedirectUrl).origin;
+            if (redirectOrigin !== window.location.origin) {
+                storeReturnOrigin();
+            }
+        }
+        catch (_a) { }
         return configuredRedirectUrl;
     }
     // Default to origin (base URL) - this is safer than using the full href
@@ -13451,7 +13478,7 @@ async function loadDependencies() {
         const [reactModule, reactDomModule, phantomModule] = await Promise.all([
             import('react'),
             import('react-dom/client'),
-            Promise.resolve().then(function () { return require('./index-CKyr2iF2.js'); })
+            Promise.resolve().then(function () { return require('./index-CvBV6aJx.js'); })
         ]);
         // Extract default export from ESM module namespace
         // Dynamic import() returns { default: Module, ...exports }, not the module directly
@@ -34876,4 +34903,4 @@ exports.signSessionCreateMessage = signSessionCreateMessage;
 exports.signTransaction = signTransaction;
 exports.subscribe = subscribe;
 exports.useAuth = useAuth;
-//# sourceMappingURL=index-DvYAMJCz.js.map
+//# sourceMappingURL=index-suqVs0tl.js.map