web-manager 4.3.3 → 4.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +11 -1
- package/package.json +1 -1
- package/src/index.js +11 -1
package/dist/index.js
CHANGED
|
@@ -506,7 +506,9 @@ class Manager {
|
|
|
506
506
|
|| this.config.environment;
|
|
507
507
|
|
|
508
508
|
if (env === 'development') {
|
|
509
|
-
|
|
509
|
+
// BEM's `mgr serve` exposes the local API over HTTPS (mkcert proxy on 5002,
|
|
510
|
+
// since backend-manager 5.7.0) — plain http:// cannot connect to it.
|
|
511
|
+
return 'https://localhost:5002';
|
|
510
512
|
}
|
|
511
513
|
|
|
512
514
|
const apiDomain = this._resolveFirebaseConfig()?.authDomain; // Has to be this since some projects like Clockii use ITW Universal Auth
|
|
@@ -526,6 +528,14 @@ class Manager {
|
|
|
526
528
|
const returnUrlObject = new URL(decodeURIComponent(url));
|
|
527
529
|
const currentUrlObject = new URL(window.location.href);
|
|
528
530
|
|
|
531
|
+
// Loopback returns (RFC 8252 §7.3) are valid while the SITE runs in development:
|
|
532
|
+
// native apps (Electron Manager) can't OS-register their custom scheme in dev, so
|
|
533
|
+
// their sign-in flow returns to an ephemeral 127.0.0.1 listener instead. Any port —
|
|
534
|
+
// the app binds it at flow start. Production sites never match this branch.
|
|
535
|
+
if (this.isDevelopment() && ['127.0.0.1', '[::1]', 'localhost'].includes(returnUrlObject.hostname)) {
|
|
536
|
+
return true;
|
|
537
|
+
}
|
|
538
|
+
|
|
529
539
|
return returnUrlObject.host === currentUrlObject.host
|
|
530
540
|
|| returnUrlObject.protocol === this.config.brand?.id + ':'
|
|
531
541
|
|| (this.config.validRedirectHosts || []).includes(returnUrlObject.host);
|
package/package.json
CHANGED
package/src/index.js
CHANGED
|
@@ -506,7 +506,9 @@ class Manager {
|
|
|
506
506
|
|| this.config.environment;
|
|
507
507
|
|
|
508
508
|
if (env === 'development') {
|
|
509
|
-
|
|
509
|
+
// BEM's `mgr serve` exposes the local API over HTTPS (mkcert proxy on 5002,
|
|
510
|
+
// since backend-manager 5.7.0) — plain http:// cannot connect to it.
|
|
511
|
+
return 'https://localhost:5002';
|
|
510
512
|
}
|
|
511
513
|
|
|
512
514
|
const apiDomain = this._resolveFirebaseConfig()?.authDomain; // Has to be this since some projects like Clockii use ITW Universal Auth
|
|
@@ -526,6 +528,14 @@ class Manager {
|
|
|
526
528
|
const returnUrlObject = new URL(decodeURIComponent(url));
|
|
527
529
|
const currentUrlObject = new URL(window.location.href);
|
|
528
530
|
|
|
531
|
+
// Loopback returns (RFC 8252 §7.3) are valid while the SITE runs in development:
|
|
532
|
+
// native apps (Electron Manager) can't OS-register their custom scheme in dev, so
|
|
533
|
+
// their sign-in flow returns to an ephemeral 127.0.0.1 listener instead. Any port —
|
|
534
|
+
// the app binds it at flow start. Production sites never match this branch.
|
|
535
|
+
if (this.isDevelopment() && ['127.0.0.1', '[::1]', 'localhost'].includes(returnUrlObject.hostname)) {
|
|
536
|
+
return true;
|
|
537
|
+
}
|
|
538
|
+
|
|
529
539
|
return returnUrlObject.host === currentUrlObject.host
|
|
530
540
|
|| returnUrlObject.protocol === this.config.brand?.id + ':'
|
|
531
541
|
|| (this.config.validRedirectHosts || []).includes(returnUrlObject.host);
|