feat(clerk-js,backend): Throw error if signInUrl is on same origin as a satellite app

[desiprisg]

Description

Checklist

• npm test runs as expected.
• npm run build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Packages affected

• @clerk/clerk-js
• @clerk/clerk-react
• @clerk/nextjs
• @clerk/remix
• @clerk/types
• @clerk/themes
• @clerk/localizations
• @clerk/clerk-expo
• @clerk/backend
• @clerk/clerk-sdk-node
• @clerk/shared
• @clerk/fastify
• @clerk/chrome-extension
• gatsby-plugin-clerk
• build/tooling/chore

[changeset-bot]

🦋 Changeset detected

Latest commit: cb9fc2d

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages

Name	Type
@clerk/clerk-js	Patch
@clerk/backend	Patch
@clerk/chrome-extension	Patch
@clerk/clerk-expo	Patch
@clerk/fastify	Patch
gatsby-plugin-clerk	Patch
@clerk/nextjs	Patch
@clerk/remix	Patch
@clerk/clerk-sdk-node	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[dimkl]

🙃

  #validateMultiDomainOptions = () => {
   // ...
    if (this.#options.signInUrl) {
      this.#assertSignInUrlFormatAndOrigin(this.#options.signInUrl, window.location.origin);
    }
    // ...
 }
 
#assertSignInUrlFormatAndOrigin = (signInUrl: string, origin: string): never => {
      try {
        signInUrl = new URL(signInUrl);
      } catch {
        clerkInvalidSignInUrlFormat();
      }

      if (signInUrl.origin === window.location.origin) {
        clerkInvalidSignInUrlOrigin();
      }
  }

[clerk-cookie]

This PR has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.