fix(auth): noopener returns null popup reference

window.open with noopener returns null, so the subsequent location.href assignment was a no-op. Open without noopener, then null out opener manually before navigating.
2026-02-16 23:51:07 -07:00 · 2026-02-16 23:51:07 -07:00 · 0198898979
commit 0198898979
parent 7d7eb72ea8
1 changed files with 7 additions and 3 deletions
--- a/src/components/settings/ai-model-tab.tsx
+++ b/src/components/settings/ai-model-tab.tsx
@ -318,11 +318,15 @@ function ProviderConfigSection({

  const handleOAuthConnect = async (): Promise<void> => {
    // Open window immediately in the click handler to avoid
-    // popup blockers (async gap kills the user gesture)
-    const popup = window.open("about:blank", "_blank", "noopener")
+    // popup blockers (async gap kills the user gesture).
+    // Can't use noopener here — it makes window.open return null.
+    const popup = window.open("about:blank", "_blank")
    const { verifier, challenge } = await generatePKCE()
    const url = buildAuthUrl(challenge)
-    if (popup) popup.location.href = url
+    if (popup) {
+      popup.opener = null
+      popup.location.href = url
+    }
    setOAuth({ step: "connecting", verifier })
  }