From 450b0fface2f0f51bdcc8641133879ff3b8fe6bb Mon Sep 17 00:00:00 2001
From: medievalshell
Date: Thu, 21 May 2026 02:23:56 +0200
Subject: [PATCH] security: don't dump the SSO ticket in the prepare() diagnostic log
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The `[App] prepare() start` console.warn was including the full SSO ticket from `window.location.search`. SSO tickets are one-shot bearer credentials — any leak (copied logs in a bug report, screen share, malicious browser extension reading console output) grants single-use access to the user's session. Replace the actual ticket with a boolean.
---
 src/App.tsx | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/App.tsx b/src/App.tsx
index fe05be2..97fd260 100644
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -477,11 +477,16 @@ export const App: FC<{}> = props => {
   const prepare = async (width: number, height: number) => {
+    // Don't dump the actual SSO ticket — it's a one-shot bearer
+    // credential that grants access to the user's session, so
+    // logging it in console.warn would leak it via copied logs
+    // / screen shares / browser extension hooks. Boolean flag is
+    // enough for the diagnostic.
     console.warn('[App] prepare() start', {
       hasNitroConfig: !!window.NitroConfig,
       ssoTicketInConfig: !!window.NitroConfig?.['sso.ticket'],
       hasRememberLocal: !!GetRememberLogin(),
-      urlSso: new URLSearchParams(window.location.search).get('sso')
+      hasUrlSso: !!new URLSearchParams(window.location.search).get('sso')
     });
     const bootLabel = taskLabel('loading.task.boot', 'Avvio in corso...');
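Review bot: The ticket is no longer printed, but the new `hasUrlSso` line still reads it from `window.location.search` and leaves it there, so the same one-shot bearer credential stays exposed in the address bar, browser history, and (depending on referrer policy) the Referer header of any outbound navigation — exposure channels of the same class the commit message cites as its motivation. Once whatever consumes the `sso` parameter has read it (that code is not visible here; `prepare`'s body continues past the end of the hunk), scrub it from the URL, e.g. hoist `const search = new URLSearchParams(window.location.search);` above the `console.warn` and, after consumption, `if (search.has('sso')) window.history.replaceState(null, '', window.location.pathname + window.location.hash);`. Note also that `!!…get('sso')` reports `false` for an empty `?sso=`, which is fine for a diagnostic but means the flag signals "non-empty ticket present", not "parameter present" — worth a word in the comment. The five-line comment above `console.warn` otherwise repeats the commit message nearly verbatim; a one-liner such as `// Log presence only: the SSO ticket is a one-shot bearer credential.` carries the same warning with less noise.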