Add comment for sec-fetch-dest iframe value

clerk · Jul 11, 2024 · 203414f · 203414f
1 parent a73c9b9
commit 203414f
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/packages/backend/src/tokens/request.ts b/packages/backend/src/tokens/request.ts
@@ -48,6 +48,7 @@ function isRequestEligibleForHandshake(authenticateContext: { secFetchDest?: str
   const { accept, secFetchDest } = authenticateContext;
 
   // NOTE: we could also check sec-fetch-mode === navigate here, but according to the spec, sec-fetch-dest: document should indicate that the request is the data of a user navigation.
+  // Also, we check for 'iframe' because it's the value set when a doc request is made by an iframe.
   if (secFetchDest === 'document' || secFetchDest === 'iframe') {
     return true;
   }