IPC requests validated against subframe token theft
@clerk/electron@0.0.16
1 fixThis release1 fixBug fixesAI-tallied from the release notes
Patch Changes
- Validate that token-cache and OAuth-transport IPC requests originate from a top-level window's main frame. This prevents untrusted content in subframes or
<webview>s that share the Clerk preload from reading the persisted client JWT or driving the OAuth transport. (#9167) by @dominic-clerk
Fetched July 17, 2026


