Feat: add qr code plugin and allow hosts and origins in dev#728
Feat: add qr code plugin and allow hosts and origins in dev#728JeanneGrenet wants to merge 2 commits into
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (3)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (1)
WalkthroughReplace the dev multiprocess script with a direct build-info generation and Vite start; add a Vite QR code plugin; and in DEV widen auth allowedHosts to ['*'] and set trustedOrigins to derive from the incoming request Origin header (production behavior unchanged). Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/server/auth.tsx`:
- Around line 36-41: DEV branch currently echoes any request Origin which
disables origin validation; change the DEV implementation of trustedOrigins so
it only accepts origins that resolve to local addresses (e.g., hostnames
matching localhost, 127.0.0.1, ::1) instead of returning any origin header, and
add a brief inline comment documenting this DEV-only behavior and its relation
to baseURL.allowedHosts; update the anonymous function assigned to
trustedOrigins (the import.meta.env.DEV branch) to parse the origin header,
validate the host against localhost patterns, and return [origin] only if it
matches, otherwise return []; keep production branch using
envServer.AUTH_TRUSTED_ORIGINS unchanged.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro
Run ID: 61313a0b-1a6b-406d-858b-3cae8ecbed7c
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (3)
package.jsonsrc/server/auth.tsxvite.config.ts
|
182cfb6 to
e568131
Compare
|



Summary by CodeRabbit