From 6a4b776eccc16203795786d44c4b80c011c2af37 Mon Sep 17 00:00:00 2001 From: ElasticBottle Date: Wed, 9 Oct 2024 18:30:50 +0000 Subject: [PATCH] =?UTF-8?q?chore:=20don't=20override=20auth=20token=20/=20?= =?UTF-8?q?client=20id=20when=20hitting=20in=20app=20wall=E2=80=A6=20(#497?= =?UTF-8?q?4)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …et url ## Problem solved Short description of the bug fixed or feature added --- ## PR-Codex overview This PR focuses on enhancing the `thirdweb` dashboard by allowing account linking and improving the authorization logic in the `fetch.ts` file. ### Detailed summary - Updated the authorization check in `fetch.ts` to exclude URLs from in-app wallets when sending the `authToken`. - Introduced a new function `isInAppWalletUrl(url: string): boolean` to determine if a URL is from an in-app or embedded wallet. > ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}` --- .changeset/nervous-tips-pay.md | 5 +++++ packages/thirdweb/src/utils/fetch.ts | 15 ++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 .changeset/nervous-tips-pay.md
diff --git a/.changeset/nervous-tips-pay.md b/.changeset/nervous-tips-pay.md
new file mode 100644
index 00000000000..76495ab55c4
--- /dev/null
+++ b/.changeset/nervous-tips-pay.md
@@ -0,0 +1,5 @@
+---
+"thirdweb": patch
+---
+
+fix: allow account linking on thirdweb dashboard
diff --git a/packages/thirdweb/src/utils/fetch.ts b/packages/thirdweb/src/utils/fetch.ts
index 7dbb15521ec..15df8d3f308 100644
--- a/packages/thirdweb/src/utils/fetch.ts
+++ b/packages/thirdweb/src/utils/fetch.ts
@@ -47,7 +47,7 @@ export function getClientFetch(client: ThirdwebClient, ecosystem?: Ecosystem) {
 // if we have an auth token set, use that (thirdweb.com/dashboard sets this for the user)
 // pay urls should never send the auth token, because we always want the "developer" to be the one making the request, not the "end user"
- if (authToken && !isPayUrl(url)) {
+ if (authToken && !isPayUrl(url) && !isInAppWalletUrl(url)) {
 headers.set("authorization", `Bearer ${authToken}`);
 } else if (secretKey) {
 headers.set("x-secret-key", secretKey);
@@ -140,6 +140,19 @@ function isPayUrl(url: string): boolean {
 }
 }
+function isInAppWalletUrl(url: string): boolean {
+ try {
+ const { hostname } = new URL(url);
+ // in app wallet service hostname always starts with "in-app-wallet." or "embedded-wallet."
+ return (
+ hostname.startsWith("in-app-wallet.") ||
+ hostname.startsWith("embedded-wallet.")
+ );
+ } catch {
+ return false;
+ }
+}
+
 const SDK_NAME = "unified-sdk";
 let previousPlatform: [string, string][] | undefined;
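Review bot: The comment above the condition in getClientFetch still explains only the pay-URL exception, so the reason the new `!isInAppWalletUrl(url)` clause withholds the bearer token is undocumented. The clause also changes the fall-through: a request to an in-app wallet URL made while an authToken is set now reaches `else if (secretKey)` and sends `x-secret-key` when one is configured, which deserves a sentence if it is intended. Suggest adding a line such as `// in-app wallet urls must not receive the dashboard auth token either; they fall through to the secret key / client id` (wording to be confirmed by the author, since the rationale is inferred from the commit title). The body of getClientFetch starts and ends outside the hunk, so any outer guard on `url` is not visible here.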
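Review bot: isInAppWalletUrl matches on the hostname prefix alone, so any host whose first label is `in-app-wallet` or `embedded-wallet` is classified as the wallet service regardless of the domain it sits under. In getClientFetch that classification decides which credential header is attached, so the helper is only sound if the caller has already restricted `url` to trusted thirdweb hosts; that precondition is not visible in this diff. Either state it in a doc comment on the function (for example `/** Assumes url has already been validated as a thirdweb service url; checks the service prefix only. */`) or anchor the match to the service's domain suffix as well as the prefix. A unit test with a look-alike hostname and with an unparsable URL would pin both the intended match and the `catch` path.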