prevent signin clickjacking

AykutSarac · Oct 7, 2023 · 9af53e5 · 9af53e5
1 parent 6b81875
commit 9af53e5
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 16 deletions.
diff --git a/next.config.js b/next.config.js
@@ -13,19 +13,6 @@ const config = {
   compiler: {
     styledComponents: true,
   },
-  async headers() {
-    return [
-      {
-        source: "/sign-in",
-        headers: [
-          {
-            key: "X-Frame-Options",
-            value: "SAMEORIGIN",
-          },
-        ],
-      },
-    ];
-  },
 };
 
 const bundleAnalyzerConfig = withBundleAnalyzer(config);

diff --git a/src/pages/sign-in.tsx b/src/pages/sign-in.tsx
@@ -20,6 +20,7 @@ import { toast } from "react-hot-toast";
 import { AiOutlineGithub, AiOutlineGoogle } from "react-icons/ai";
 import Layout from "src/layout/Layout";
 import { supabase } from "src/lib/api/supabase";
+import { isIframe } from "src/lib/utils/widget";
 import useUser from "src/store/useUser";
 
 export function AuthenticationForm(props: PaperProps) {
@@ -185,9 +186,8 @@ const SignIn = () => {
   const isPasswordReset = query?.type === "recovery" && !query?.error;
 
   React.useEffect(() => {
-    if (isReady && session && !isPasswordReset) {
-      push("/editor");
-    }
+    if (isIframe()) push("/");
+    if (isReady && session && !isPasswordReset) push("/editor");
   }, [isReady, session, push, isPasswordReset]);
 
   return (