Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

on-demand-entries-ping does not include cookies #2498

Closed
1 task done
reicheltp opened this issue Jul 7, 2017 · 2 comments
Closed
1 task done

on-demand-entries-ping does not include cookies #2498

reicheltp opened this issue Jul 7, 2017 · 2 comments

Comments

@reicheltp
Copy link
Contributor

  • I have searched the issues of this repository and believe that this is not a duplicate.

Expected Behavior

The on-demand-entries-ping should include the current cookies in the request.

Current Behavior

The on-demand-entries-ping does not include the current cookies in the request.

Steps to Reproduce (for bugs)

If required, I can build an reproduction sample, but I think its obvious.

Context

I am running a nginx as proxy splitting the request between a website served with next, and multiple microservices. All running in docker. For development I am running the website with next in dev mode within the same docker context so that the api request are handled the same way as in prod, but on localhost. The nginx is also validating the session cookies against an authentication services and exchange them for an access_token if the request is forwarded to one of the backend services. The proxy is also blocking the access to the next app if there is no token.
Since the on-demand-entries-ping does not include the cookies, the request is blocked. As a workaround I could allow all _next/... requests with out cookies, but I think that there is no reason why the on-demand-entries-ping should not include the credentials.

Solution

Add { credentials: 'same-origin' } as parameter to the fetch requests, here: https://github.com/zeit/next.js/blob/v3-beta/client/on-demand-entries-client.js#L14 and here: https://github.com/zeit/next.js/blob/v3-beta/client/on-demand-entries-client.js#L19.

If this is an appropriate solution and you have no concerns I can send an PR, asap.

Your Environment

  • Next.js version: 3.0.1-beta.8
  • Environment name and version (e.g. Chrome 39, Node.js 5.4): node:8-alpine
  • Operating System (Linux, maxOS, Windows): docker on Linux
@arunoda
Copy link
Contributor

arunoda commented Jul 7, 2017

This is an interesting way to using the dev mode. Anyway, I don't mind including cookies for those requests. Send us a PR.

@timneutkens timneutkens added good first issue Easy to fix issues, good for newcomers Status: Help Wanted labels Jul 7, 2017
@reicheltp reicheltp mentioned this issue Jul 8, 2017
Merged
@timneutkens timneutkens added Status: Ready and removed good first issue Easy to fix issues, good for newcomers Status: Help Wanted labels Jul 8, 2017
@ivan-aksamentov ivan-aksamentov mentioned this issue Mar 8, 2018
Closed
@ivan-aksamentov
Copy link

ivan-aksamentov commented Mar 8, 2018
edited
Loading

It seems that the #2509 has been overwritten during merging of universal-webpack.
@timneutkens Could we please bring { credentials: 'same-origin' } back? #3968

@lock lock bot locked as resolved and limited conversation to collaborators May 16, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@arunoda @reicheltp @timneutkens @ivan-aksamentov