refactor: rework cookie domain logic

frontend/src/lib/hooks/redirect-uri.ts

@@ -9,6 +9,7 @@ type IuseRedirectUri = {
 export const useRedirectUri = (
   redirect_uri: string | undefined,
   cookieDomain: string,
+  subdomainsEnabled: boolean,
 ): IuseRedirectUri => {
   let isValid = false;
   let isTrusted = false;
@@ -39,10 +40,11 @@ export const useRedirectUri = (
 
   isValid = true;
 
-  if (
-    url.hostname == cookieDomain ||
-    url.hostname.endsWith(`.${cookieDomain}`)
-  ) {
+  if (url.hostname == cookieDomain) {
+    isTrusted = true;
+  }
+
+  if (subdomainsEnabled && url.hostname.endsWith("." + cookieDomain)) {
     isTrusted = true;
   }
 

frontend/src/pages/continue-page.tsx

@@ -37,6 +37,7 @@ export const ContinuePage = () => {
   const { url, valid, trusted, allowedProto, httpsDowngrade } = useRedirectUri(
     redirectUri,
     app.cookieDomain,
+    app.subdomainsEnabled,
   );
 
   const urlHref = url?.href;
@@ -108,7 +109,11 @@ export const ContinuePage = () => {
               components={{
                 code: <code />,
               }}
-              values={{ cookieDomain: app.cookieDomain }}
+              values={{
+                cookieDomain: app.subdomainsEnabled
+                  ? `.${app.cookieDomain}`
+                  : app.cookieDomain,
+              }}
               shouldUnescape={true}
             />
           </CardDescription>

frontend/src/schemas/app-context-schema.ts

@@ -24,6 +24,7 @@ const uiSchema = z.object({
 const appSchema = z.object({
   appUrl: z.string(),
   cookieDomain: z.string(),
+  subdomainsEnabled: z.boolean(),
 });
 
 export const appContextSchema = z.object({