1
92%
main: 92%

Ran 02 Jun 2026 10:02PM UTC

Files 266

Run time 10s

Badge

Embed ▾

Committed 02 Jun 2026 10:01PM UTC coverage: 61.546% (-0.04%) from 61.583%

Job # 26850636017.1

Build Type

push

github

Committed by

SeaweedbrainCY

Commit Message

feat(api): If the detected Origin is likely a mobile app, tokens are also returned in the body

The Origin header is used to know if the origin app is capacitor or not. This header is spoofable, but only on a hijacked browser. Innocent user cannot have this modified without a compromised browser.
Attacker can spoof their own Origin header. In that case there is no sensitive information that isn't already transmitted in the SetCookies header.

It's more a precaution feature than a security feature

Coverage Stats

13609 of 22112 relevant lines covered (61.55%)

0.62 hits per line

SeaweedbrainCY / zero-totp / 26850636017 / 1
92%
main: 92%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 26850636017.1

SeaweedbrainCY / zero-totp / 26850636017 / 1 92% main: 92%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 26850636017.1

SeaweedbrainCY / zero-totp / 26850636017 / 1
92%
main: 92%

README BADGES
x