Fix: Messages Sent to Any Website Without Verifying Recipient in apps/web/app/(navigation)/page.tsx (#565)

author: orbisai0security <[email protected]> 2025-11-07 12:17:40 +0530
committer: GitHub <[email protected]> 2025-11-06 22:47:40 -0800
commit: af12864d7263f88743960d18d2c95a0f0327d827 (patch)
tree: 531b531322dcf36339b33bb9a5b47b4b22bcdbe2 /apps
parent: Migrate Chat Persistence from localStorage to IndexedDB to Fix QuotaExceededE... (diff)
download: supermemory-af12864d7263f88743960d18d2c95a0f0327d827.tar.xz
supermemory-af12864d7263f88743960d18d2c95a0f0327d827.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/web/app/(navigation)/page.tsx b/apps/web/app/(navigation)/page.tsx
index d2be1ad8..212f33c0 100644
--- a/apps/web/app/(navigation)/page.tsx
+++ b/apps/web/app/(navigation)/page.tsx
@@ -33,7 +33,7 @@ export default function Page() {
 
 			if (sessionToken && userData?.email) {
 				const encodedToken = encodeURIComponent(sessionToken)
-				window.postMessage({ token: encodedToken, userData }, "*")
+				window.postMessage({ token: encodedToken, userData }, window.location.origin)
 				url.searchParams.delete("extension-auth-success")
 				window.history.replaceState({}, "", url.toString())
 			}
author	orbisai0security <[email protected]>	2025-11-07 12:17:40 +0530
committer	GitHub <[email protected]>	2025-11-06 22:47:40 -0800
commit	af12864d7263f88743960d18d2c95a0f0327d827 (patch)
tree	531b531322dcf36339b33bb9a5b47b4b22bcdbe2 /apps
parent	Migrate Chat Persistence from localStorage to IndexedDB to Fix QuotaExceededE... (diff)
download	supermemory-af12864d7263f88743960d18d2c95a0f0327d827.tar.xz supermemory-af12864d7263f88743960d18d2c95a0f0327d827.zip