From 8f87770cebab32c00cb10133979d426306685292 Mon Sep 17 00:00:00 2001
From: KernelDeimos <eric.alex.dube@gmail.com>
Date: Sat, 20 Jul 2024 20:46:03 -0400
Subject: [PATCH] fix: popup login in co isolation mode

---
 src/backend/src/services/WebServerService.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/backend/src/services/WebServerService.js b/src/backend/src/services/WebServerService.js
index 3aeb068a..c149a372 100644
--- a/src/backend/src/services/WebServerService.js
+++ b/src/backend/src/services/WebServerService.js
@@ -378,9 +378,10 @@ class WebServerService extends BaseService {
             const origin = req.headers.origin;
             
             const is_site = req.hostname.endsWith(config.static_hosting_domain);
+            const is_popup = !! req.query.embedded_in_popup;
+            
+            const co_isolation_okay = !is_popup && (is_site || req.co_isolation_enabled);
             
-            const co_isolation_okay = is_site || req.co_isolation_enabled;
-
             if ( req.path === '/signup' || req.path === '/login' ) {
                 res.setHeader('Access-Control-Allow-Origin', origin ?? '*');
             }