CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-02 03:35:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: newtab blocked by tab ownership check for scoped tokens

Browse Source 
The tab ownership check ran before the newtab handler, checking
the active tab (owned by root) against the scoped token. Since
the scoped token doesn't own the root tab, newtab returned 403.
Skip the ownership check for newtab since it creates a new tab.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-04-06 16:28:22 -07:00
parent 3d53a7595f
commit fcb37d5cfe
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
browse/src/server.ts
+2 -1
View File
@@ -929,7 +929,8 @@ async function handleCommandInternal(
}
// ─── Tab ownership check (for scoped tokens) ──────────────
if (tokenInfo && tokenInfo.clientId !== 'root' && (WRITE_COMMANDS.has(command) || tokenInfo.tabPolicy === 'own-only')) {
// Skip for newtab — it creates a new tab, doesn't access an existing one.
if (command !== 'newtab' && tokenInfo && tokenInfo.clientId !== 'root' && (WRITE_COMMANDS.has(command) || tokenInfo.tabPolicy === 'own-only')) {
const targetTab = tabId ?? browserManager.getActiveTabId();
if (!browserManager.checkTabAccess(targetTab, tokenInfo.clientId, { isWrite: WRITE_COMMANDS.has(command), ownOnly: tokenInfo.tabPolicy === 'own-only' })) {
return {