fix(1.0.12): generalize OAuth popup for all providers, skip passive flows
Two issues in 1.0.11:
1. YouTube auto-opens window.open on accounts.google.com/...?passive=true
at page load to silently pick up an existing Google session via
postMessage. Our setWindowOpenHandler routed these to a top-level popup
where the postMessage parent context is missing → Google falls back to
"JavaScript отключен". Active "Войти" clicks don't carry passive=true,
so they still need the popup.
2. Only accounts.google.com was intercepted. Yandex, Mail.ru, Microsoft,
VK, Apple and GitHub login pages run similar embedded-browser checks;
in-place WebContentsView navigation to them would likely trip the same
detectors.
Replaced isGoogleLoginUrl/migrateGoogleCookies with a provider table
(OAUTH_PROVIDERS by host, OAUTH_PATH_HOSTS by host+path-prefix) so any
known login domain routes through the same clean popup + cookie-migration
flow. passive=true URLs are filtered out so window.open auto-launches
silently fail instead of popping a broken popup.
LOGIN_PARTITION renamed persist:google-login → persist:oauth-login since
it now holds login state for all providers.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "ESH-Media",
|
||||
"version": "1.0.11",
|
||||
"version": "1.0.12",
|
||||
"private": true,
|
||||
"main": "main.js",
|
||||
"scripts": {
|
||||
|
||||
Reference in New Issue
Block a user