Skip to content

fix(electron): default allowedRedirectProtocols to the renderer scheme#9043

Merged
nicolas-angelo merged 4 commits into
mainfrom
fix/electron-redirect-protocol-from-scheme
Jun 30, 2026
Merged

fix(electron): default allowedRedirectProtocols to the renderer scheme#9043
nicolas-angelo merged 4 commits into
mainfrom
fix/electron-redirect-protocol-from-scheme

Conversation

@nicolas-angelo

@nicolas-angelo nicolas-angelo commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Description

Small DX win: today apps have to manually set allowedRedirectProtocols={['<scheme>:']} on <ClerkProvider> so Clerk's prebuilt-UI cross-links aren't rejected (i.e. the sign-up link on the SignIn component and the sign-in link on the SignUp component).

This PR makes it zero-config by deriving the scheme from the renderer's own origin (window.location.protocol, i.e. the scheme registered via createClerkBridge) and appending it to allowedRedirectProtocols internally by default.

The only exception to this new behavior is honoring explicit values (including []) which will override.

Testing: drop allowedRedirectProtocols from <ClerkProvider> and confirm in-app cross-links (sign-in ↔ sign-up) on auth components work properly.

Note on changeset level: scoped as a patch because the current default (no custom scheme in the allowlist) leaves the SDK's cross-links broken out of the box - so this feels more like a fix.

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • JSDoc comments have been added for the new behavior.
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation

Summary by CodeRabbit

  • New Features
    • Electron apps now automatically allow the renderer’s own custom protocol for redirect flows when applicable (e.g., clerk:).
    • You can still explicitly control redirect protocols via an allowedRedirectProtocols setting, including setting it to none.
  • Bug Fixes
    • Improved default redirect handling so custom renderer schemes work with no extra configuration.
    • file: renderers remain unchanged (not auto-allowed), and https: defaults are not added automatically.
  • Tests
    • Added coverage for defaulting and override behavior of redirect protocols.

@changeset-bot

changeset-bot Bot commented Jun 30, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 74d00ce

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@clerk/electron Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel

vercel Bot commented Jun 30, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
clerk-js-sandbox Ready Ready Preview, Comment Jun 30, 2026 8:37pm
swingset Ready Ready Preview, Comment Jun 30, 2026 8:37pm

Request Review

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Repository UI (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: b7f9ca99-c862-4c14-a4ce-48f3dc49ebf4

📥 Commits

Reviewing files that changed from the base of the PR and between c5be752 and 74d00ce.

📒 Files selected for processing (1)
  • packages/electron/src/react/__tests__/ClerkProvider.test.tsx
🚧 Files skipped from review as they are similar to previous changes (1)
  • packages/electron/src/react/tests/ClerkProvider.test.tsx

📝 Walkthrough

Walkthrough

ClerkProvider in the Electron package now derives a default allowedRedirectProtocols value from window.location.protocol for custom renderer schemes, forwards it to ReactClerkProvider, and preserves any explicit prop value, including an empty array. Tests and release notes cover the new behavior.

Auto allowedRedirectProtocols for Electron renderer

Layer / File(s) Summary
Helper and provider wiring
packages/electron/src/react/index.tsx
defaultAllowedRedirectProtocols() reads window.location.protocol, returns a single custom scheme when appropriate, and ClerkProvider passes either the explicit prop or the derived default into ReactClerkProvider.
Behavior tests and changeset
packages/electron/src/react/__tests__/ClerkProvider.test.tsx, .changeset/electron-auto-allowed-redirect-protocols.md
Tests cover custom-scheme defaulting, https: and file: omission, and explicit overrides; the changeset documents the renderer protocol behavior.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐇 Hop, hop, through the redirect gate,
clerk: joins the list at just the right rate.
https and file stay out of the cart,
explicit arrays still play their part.
Tiny hops, tidy paths, a protocol art ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and concisely summarizes the main Electron change: defaulting allowedRedirectProtocols to the renderer scheme.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch

Comment @coderabbitai help to get the list of available commands.

@pkg-pr-new

pkg-pr-new Bot commented Jun 30, 2026

Copy link
Copy Markdown

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@9043

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@9043

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@9043

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@9043

@clerk/electron

npm i https://pkg.pr.new/@clerk/electron@9043

@clerk/electron-passkeys

npm i https://pkg.pr.new/@clerk/electron-passkeys@9043

@clerk/eslint-plugin

npm i https://pkg.pr.new/@clerk/eslint-plugin@9043

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@9043

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@9043

@clerk/express

npm i https://pkg.pr.new/@clerk/express@9043

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@9043

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@9043

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@9043

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@9043

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@9043

@clerk/react

npm i https://pkg.pr.new/@clerk/react@9043

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@9043

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@9043

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@9043

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@9043

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@9043

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@9043

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@9043

commit: 74d00ce

@wobsoriano wobsoriano left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good, thanks!

@nicolas-angelo nicolas-angelo merged commit d4bafb4 into main Jun 30, 2026
51 checks passed
@nicolas-angelo nicolas-angelo deleted the fix/electron-redirect-protocol-from-scheme branch June 30, 2026 20:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants