feat: pass targetOrigin in handleAuth error responses

Mearman · Mearman · commit 3e551ee022d6 · 2025-07-05T18:29:15.000+01:00
Add targetOrigin parameter to error responses in the handleAuth function
to ensure error messages are only sent to the originating domain.
diff --git a/src/index.js b/src/index.js
@@ -117,6 +117,7 @@ const handleAuth = async (request, env) => {
         provider,
         error: 'OAuth app client ID or secret is not configured.',
         errorCode: 'MISCONFIGURED_CLIENT',
+        targetOrigin: referringOrigin || origin,
       });
     }
 
@@ -136,6 +137,7 @@ const handleAuth = async (request, env) => {
         provider,
         error: 'OAuth app client ID or secret is not configured.',
         errorCode: 'MISCONFIGURED_CLIENT',
+        targetOrigin: referringOrigin || origin,
       });
     }
 

Original file line number	Diff line number	Diff line change
`@@ -117,6 +117,7 @@ const handleAuth = async (request, env) => {`
`117`	`117`	`provider,`
`118`	`118`	`error: 'OAuth app client ID or secret is not configured.',`
`119`	`119`	`errorCode: 'MISCONFIGURED_CLIENT',`
	`120`	`+ targetOrigin: referringOrigin \|\| origin,`
`120`	`121`	`});`
`121`	`122`	`}`
`122`	`123`
`@@ -136,6 +137,7 @@ const handleAuth = async (request, env) => {`
`136`	`137`	`provider,`
`137`	`138`	`error: 'OAuth app client ID or secret is not configured.',`
`138`	`139`	`errorCode: 'MISCONFIGURED_CLIENT',`
	`140`	`+ targetOrigin: referringOrigin \|\| origin,`
`139`	`141`	`});`
`140`	`142`	`}`
`141`	`143`