Skip to content

Fix script tag validation with JWT signed fields#375

Merged
shab2k03 merged 1 commit into
masterfrom
shab/fix-jwt-signed-fields-validation
Apr 16, 2026
Merged

Fix script tag validation with JWT signed fields#375
shab2k03 merged 1 commit into
masterfrom
shab/fix-jwt-signed-fields-validation

Conversation

@shab2k03

@shab2k03 shab2k03 commented Apr 13, 2026

Copy link
Copy Markdown
Contributor

Why?

When both user_id and email are configured as signed_user_fields, they get deleted from the user_details hash during JWT promotion. The valid? method then checks that same (now-empty) hash, returns false, and the script tag is silently hidden from views.

How?

Capture identity presence (user_id or email) before JWT signing deletes the fields, then use the cached boolean in valid?. Two-line production change, zero interface changes.

Screen.Recording.2026-04-15.at.13.18.52.mov

…fields

When both user_id and email are configured as signed_user_fields, they are
deleted from user_details during JWT promotion. The valid? check then finds
neither field and silently suppresses the script tag. Fix by capturing
identity presence before the fields are moved to the JWT payload.

Related to intercom/intercom#430057

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@shab2k03 shab2k03 self-assigned this Apr 13, 2026
@shab2k03 shab2k03 merged commit 3d2548e into master Apr 16, 2026
3 checks passed
@shab2k03 shab2k03 deleted the shab/fix-jwt-signed-fields-validation branch April 16, 2026 15:17
shab2k03 added a commit that referenced this pull request Apr 17, 2026
Patch release for the JWT signed fields script tag validation fix (#375).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@shab2k03 shab2k03 mentioned this pull request Apr 17, 2026
shab2k03 added a commit that referenced this pull request Apr 17, 2026
Patch release for the JWT signed fields script tag validation fix (#375).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
shab2k03 added a commit that referenced this pull request Apr 17, 2026
Patch release for the JWT signed fields script tag validation fix (#375).

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants