feat: enhance OAuth flow and improve token handling

- Added state parameter to exchangeOrcidCode function for better state management during OAuth.
- Implemented storage event listener in AuthContext to handle token updates when postMessage fails.
- Updated AuthCallbackPage to ensure proper handling of OAuth popup closure and state updates.
Alexis
2026-05-12 11:41:19 +02:00
parent 8beb6bc21c
commit fa2de55abe
5 changed files with 61 additions and 20 deletions
+2 -2
@@ -49,7 +49,8 @@ class SecurityHeadersMiddleware(BaseHTTPMiddleware):
"geolocation=(), microphone=(), camera=(), payment=(), usb=(), "
"accelerometer=(), gyroscope=(), magnetometer=(), interest-cohort=()",
)
response.headers.setdefault("Cross-Origin-Opener-Policy", "same-origin")
response.headers.setdefault("Cross-Origin-Opener-Policy", "same-origin-allow-popups")
response.headers.setdefault("Cross-Origin-Resource-Policy", "same-site")
response.headers.setdefault("X-Permitted-Cross-Domain-Policies", "none")
@@ -66,7 +67,6 @@ class SecurityHeadersMiddleware(BaseHTTPMiddleware):
hsts += "; preload"
response.headers.setdefault("Strict-Transport-Security", hsts)
# `MutableHeaders` no implementa `.pop()`. Eliminamos de forma segura.
if "server" in response.headers:
del response.headers["server"]
if "x-powered-by" in response.headers: