Skip to content

Commit

Permalink
Merge pull request #477 from alexa/lumas/credHijackCommentFix
Browse files Browse the repository at this point in the history
chore: improving a comment to refer to an issue
  • Loading branch information
LucioMS authored Jun 14, 2023
2 parents 40d98ef + 7c8107a commit 37183ea
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions lib/controllers/authorization-controller/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -149,13 +149,12 @@ module.exports = class AuthorizationController {
const requestUrl = request.url;
const requestQuery = url.parse(requestUrl, true).query;

// Response from the browser with authentication code
if (requestUrl.startsWith("/cb?code")) {
response.end(messages.ASK_SIGN_IN_SUCCESS_MESSAGE);
ui.confirmAllowSignIn((error, confirmSignInChoice) => {
// After confirmed or not browser sign in, closes the socket/port
// with server.destroy().
// We need to keep the port open so a local hacker is not be able to
// open that port until we get an answer in confirmAllowSignIn
// Closing the socket port with server.destroy() only after confirmation question.
// See https://github.com/alexa/ask-cli/issues/476
server.destroy();

if (error) {
Expand Down

0 comments on commit 37183ea

Please sign in to comment.