René's URL Explorer Experiment


Title: fix(idp): allow CORS for all clients on token endpoint by melvincarvalho · Pull Request #11 · JavaScriptSolidServer/JavaScriptSolidServer · GitHub

Description:

Summary
- Simplify clientBasedCORS to return true for all clients
- Fixes OIDC login for web apps loaded from CDN (like Mashlib from unpkg.com)

Problem
When Mashlib is loaded from CDN, the OIDC token exchange fails with:
400 Bad Request - origin not allowed for client
The previous code only allowed CORS for clients with tokenEndpointAuthMethod === 'none', but dynamically registered clients default to client_secret_basic.

Solution
Solid servers are public and should accept token requests from any web app origin, so clientBasedCORS now returns true for all clients.

Test plan
- Clear browser cache/cookies for test server
- Navigate to a resource with Mashlib enabled
- Click "Sign In" and complete OIDC login
- Verify token exchange succeeds (no 400 error)
- Verify authenticated user can access protected resources

Fixes #10

Opengraph URL: https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/pull/11

Links:

melvincarvalho https://github.com/melvincarvalho
gh-pages https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/tree/gh-pages
fix/oidc-cors-all-clients https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/tree/fix/oidc-cors-all-clients
48614c5 fix(idp): allow CORS for all clients on token endpoint melvincarvalho Dec 29, 2025 https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/pull/11/commits/48614c5802f3fab44ba64dca4752ff3dbb343f69
3f3d4e7 fix(cors): add DPoP to allowed headers for Solid-OIDC melvincarvalho Dec 29, 2025 https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/pull/11/commits/3f3d4e70a61e5a1905ffe4ab122d99807d0a5770
b496dc4 fix(idp): strip iss parameter from authorization redirects melvincarvalho Dec 29, 2025 https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/pull/11/commits/b496dc4cd5b8dea5391bbcb6fa654f2b40031b2c
src/idp/index.js https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/pull/11/files#diff-840ae5b71b1db750c082e959aff3f130e281eb1dd486c03882f9d973978b54c0
src/idp/provider.js https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/pull/11/files#diff-6fe7753b2bdbe967f4ee20e869bff359d7b1e21a01dd1e52ffb11082f237d2c4
src/ldp/headers.js https://github.com/JavaScriptSolidServer/JavaScriptSolidServer/pull/11/files#diff-c37ccf661f497794a232af01bdce5035c1757e7d909f6fbfb9986682bac39e6b