From e4f6b47c9647aa1aa16bd3ac8c8dc625db8fa43c Mon Sep 17 00:00:00 2001
From: istarkov
Date: Tue, 3 Sep 2024 19:57:42 +0000
Subject: [PATCH] Fix logout
---
 apps/builder/app/routes/builder-logout.ts | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/apps/builder/app/routes/builder-logout.ts b/apps/builder/app/routes/builder-logout.ts
index 0c365e48dc2a..a74ec7ad411f 100644
--- a/apps/builder/app/routes/builder-logout.ts
+++ b/apps/builder/app/routes/builder-logout.ts
@@ -26,6 +26,11 @@ export const action = async ({ request }: ActionFunctionArgs) => {
 );
 }
 
+ if (request.headers.get("sec-fetch-site") === "same-origin") {
+ // To prevent logout initiated from the builder iframe
+ throw new Error("Only cross-origin requests are allowed");
+ }
+
 if (
 false === request.headers.get("Content-Type")?.includes("application/json")
 ) {
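Review bot: The new `sec-fetch-site` guard fails open: `request.headers.get("sec-fetch-site")` returns null when the header is absent (a browser without Fetch Metadata support, or a non-browser client), so such a request passes the check exactly as a cross-origin one does. If the iframe case must be blocked reliably, handle the missing header explicitly, for example `const fetchSite = request.headers.get("sec-fetch-site");` followed by `if (fetchSite === null || fetchSite === "same-origin") {`, or extend the comment to say why absence is acceptable. Since the endpoint now accepts only cross-origin callers, the comment should also name the earlier check that restricts which origins may call it; the start of `action` is outside the hunk, so I cannot confirm that one exists. A bare `throw new Error(...)` will presumably surface as a 500, and a `Response` with status 403 would tell clients the request was refused rather than that the server failed.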