Add some defensive checks to the token blade file

Kyon147 · Nov 12, 2024 · e1bf25c · e1bf25c
1 parent 91e505c
commit e1bf25c
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/src/resources/views/auth/token.blade.php b/src/resources/views/auth/token.blade.php
@@ -35,10 +35,20 @@
 @section('scripts')
     @parent
         <script>
+                // If no host is found, we need to throw an error
+                const host = new URLSearchParams(location.search).get("host");
+                if (!host) {
+                    throw new Error('No host found in the URL');
+                }
+
+                // If shopify is not defined, then we are not in a Shopify context redirect to the homepage as it
+                if (typeof shopify === 'undefined') {
+                    open("{{ route('home') }}", "_self");
+                }
+
                 shopify.idToken().then((token) => {
-                    const host = new URLSearchParams(location.search).get("host");
-                    let url = new URL(`{!! $target !!}`, window.location.origin);
 
+                    let url = new URL(`{!! $target !!}`, window.location.origin);
                     // Enforce HTTPS if the current page is using HTTPS
                     if (window.location.protocol === 'https:') {
                         url.protocol = 'https:';