fix: harden cookie-less sso token redirects #1087
aidevops.sh v3.14.51 plugin for OpenCode v1.14.33 with gpt-5.5 spent 3m and 83,021 tokens on this as a headless worker.

DISPATCH_CLAIM nonce=700f929a63bd5219af701a52427218bc runner=superdav42 ts=2026-05-04T21:06:48Z max_age_s=1800 version=3.14.51 opencode_version=1.14.33

Dispatching worker (deterministic).
CLAIM_RELEASED reason=clean runner=dave ts=2026-05-04T21:10:18Z aidevops_version=3.14.51 opencode_version=1.14.33 exit=0 session_count=1

Performance Test Results

Performance test results for 1651e6f are in 🛎️! Note: the numbers in parentheses show the difference to the previous (baseline) test run. Differences below 2% or 0.5 in absolute values are not shown. URL:
Summary

- `init` so mapped subsites can authenticate from `wu_sso_token` without the multi-tenancy cookie flow.
- `redirect_to` admin URLs, supports custom `/login/` pages through `template_redirect`, and binds tokens to an audience host plus one-time `jti` transient.

Testing

- `php -l inc/sso/class-sso.php`
- `vendor/bin/phpstan analyse inc/sso/class-sso.php --memory-limit=1G`
- `vendor/bin/phpcs inc/sso/class-sso.php` (blocked: configured `WordPress.Arrays.ArrayDeclaration.*` sniffs are unavailable after `composer install`)

For #1086

aidevops.sh v3.14.51 plugin for OpenCode v1.14.33 with gpt-5.5 spent 3m and 80,442 tokens on this as a headless worker.