(core) Fixing origin check during Google Authentication

Summary: Fixing two bugs - Google Auth Endpoint wasn't resolving protocol in a correct way - Google Auth Popup was navigationg to endpoint url based on home url, which was diffent from current page origin Test Plan: n/a Reviewers: paulfitz Reviewed By: paulfitz Subscribers: paulfitz Differential Revision: https://phab.getgrist.com/D2937
2026-03-02 04:09:24 +00:00 · 2021-07-23 00:21:09 +02:00
parent 95cc2eb282
commit f8e4fe54ba
3 changed files with 21 additions and 8 deletions
--- a/app/server/lib/GoogleAuth.ts
+++ b/app/server/lib/GoogleAuth.ts
@@ -1,10 +1,11 @@
-import { auth } from '@googleapis/oauth2';
-import { ApiError } from 'app/common/ApiError';
-import { parseSubdomain } from 'app/common/gristUrls';
-import { expressWrap } from 'app/server/lib/expressWrap';
+import {auth} from '@googleapis/oauth2';
+import {ApiError} from 'app/common/ApiError';
+import {parseSubdomain} from 'app/common/gristUrls';
+import {expressWrap} from 'app/server/lib/expressWrap';
 import * as log from 'app/server/lib/log';
+import {getOriginUrl} from 'app/server/lib/requestUtils';
 import * as express from 'express';
-import { URL } from 'url';
+import {URL} from 'url';

 /**
 * Google Auth Endpoint for performing server side authentication. More information can be found
@@ -150,7 +151,7 @@ export function addGoogleAuthEndpoint(
      const oAuth2Client = _googleAuthClient();
      const scope = req.query.scope || DRIVE_SCOPE;
      // Create url for origin parameter for a popup window.
-      const origin = `${req.protocol}://${req.headers.host}`;
+      const origin = getOriginUrl(req);
      const authUrl = oAuth2Client.generateAuthUrl({
        scope,
        prompt: 'select_account',