Skip to content

Allow to pass a token to the embed script#4005

Open
gregberge wants to merge 2 commits intomainfrom
greg/rnd-9616-embed-bootstrap-script-auto-initializes-without-visitor-jwt
Open

Allow to pass a token to the embed script#4005
gregberge wants to merge 2 commits intomainfrom
greg/rnd-9616-embed-bootstrap-script-auto-initializes-without-visitor-jwt

Conversation

@gregberge
Copy link
Contributor

@gregberge gregberge commented Feb 13, 2026
edited
Loading

Also linked to https://app.gitbook.com/o/d8f63b60-89ae-11e7-8574-5927d48c4877/s/NkEGS7hzeqa35sMXQZ4X/~/changes/947/publishing-documentation/embedding/implementation/script

Why do we use a data attribute and not a query parameter? Because query parameters travels through networks, logs, etc. So using a data parameter is better for security.

We need to use ?jwt_token to access the site behind VA anyway.

Copilot AI review requested due to automatic review settings February 13, 2026 12:47
@linear
Copy link

linear bot commented Feb 13, 2026

RND-9616 Embed bootstrap script auto-initializes without visitor JWT token

@changeset-bot
Copy link

changeset-bot bot commented Feb 13, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 3e28abf

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions
Copy link
Contributor

github-actions bot commented Feb 13, 2026
edited
Loading

Summary of the deployments:

Version URL Status
Vercel https://gitbook-v2-4wnz9ssp6-gitbook.vercel.app
Cloudflare https://e65c8588-gitbook-open-v2-preview.gitbook.workers.dev

Test content

Site 2v 2c
GitBook https://gitbook-v2-4wnz9ssp6-gitbook.vercel.app/url/gitbook.com/docs https://e65c8588-gitbook-open-v2-preview.gitbook.workers.dev/url/gitbook.com/docs
E2E https://gitbook-v2-4wnz9ssp6-gitbook.vercel.app/url/gitbook.gitbook.io/test-gitbook-open https://e65c8588-gitbook-open-v2-preview.gitbook.workers.dev/url/gitbook.gitbook.io/test-gitbook-open

Copilot AI reviewed Feb 13, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for passing authentication tokens via URL parameters in the embed script. Users can now include a token in the script src URL (e.g., script.js?token=...), which will be automatically extracted and passed to the GitBook initialization for visitor authentication.

Changes:

  • Added getScriptSearchParams() function to extract URL parameters from the script tag's src attribute
  • Token parameter is retrieved from the script URL and passed to GitBook init via the initFrameOptions parameter
  • Both initialization branches (pre-loaded and lazy-loaded GitBook) now receive the token

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@argos-ci
Copy link

argos-ci bot commented Feb 13, 2026
edited
Loading

The latest updates on your projects. Learn more about Argos notifications ↗︎

Build Status Details Updated (UTC)
customers-v2 (Inspect) 👍 Changes approved 9 changed Feb 13, 2026, 2:29 PM
v2-cloudflare (Inspect) 👍 Changes approved 14 changed Feb 13, 2026, 2:36 PM
v2-vercel (Inspect) 👍 Changes approved 26 changed Feb 13, 2026, 2:33 PM

@gregberge gregberge force-pushed the greg/rnd-9616-embed-bootstrap-script-auto-initializes-without-visitor-jwt branch from 082c837 to 6e11a7e Compare February 13, 2026 12:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@spastorelli spastorelli Awaiting requested review from spastorelli

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gregberge