From 1a1f244c9615d13cd2f8ab9dbf080a78444af855 Mon Sep 17 00:00:00 2001
From: tomaioo
Date: Thu, 14 May 2026 11:09:23 -0700
Subject: [PATCH] fix(security): redux store exposed on window for testing

In `clients/admin-ui/global.d.ts`, the `__REDUX_STORE__` is exposed on the `Window` interface. While this is intended for Cypress testing, it could leak sensitive application state if accessed in production.

Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>
---
 clients/admin-ui/global.d.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/clients/admin-ui/global.d.ts b/clients/admin-ui/global.d.ts
index f3b31e74e22..ed08a72b412 100644
--- a/clients/admin-ui/global.d.ts
+++ b/clients/admin-ui/global.d.ts
@@ -8,6 +8,6 @@ declare module globalThis {
 interface Window {
 // Cypress is available on window when running in Cypress tests
 Cypress?: any;
- // Redux store is exposed for Cypress testing
- __REDUX_STORE__?: any;
+ // Redux store is exposed for Cypress testing only
+ __REDUX_STORE__?: process.env.NODE_ENV === 'test' ? any : never;
 }
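Review bot: The new annotation on `__REDUX_STORE__` puts a runtime expression (`process.env.NODE_ENV === 'test' ? any : never`) in a type position, which is not a valid TypeScript type; a conditional type needs the `T extends U ? X : Y` form, so this declaration file should fail to parse. Even with a valid type, the change would not reduce exposure: declarations in a `.d.ts` are erased at compile time, so the store is still reachable on `window` in production wherever it is assigned (that assignment is not part of this patch). Keep the declaration a plain type, e.g. `__REDUX_STORE__?: unknown;`, and gate the assignment site at runtime instead, e.g. `if (window.Cypress) { window.__REDUX_STORE__ = store; }`, where `store` stands for whatever the app's store variable is called. The comment could then read `// Only assigned when window.Cypress is present; never set in production builds`. The enclosing `declare module globalThis` block starts outside this hunk.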