fix(nextjs): Append DevBrowser on cross-origin redirects #1297

@anagstef anagstef commented Jun 6, 2023

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Packages affected

  • @clerk/clerk-js
  • @clerk/clerk-react
  • @clerk/nextjs
  • @clerk/remix
  • @clerk/types
  • @clerk/themes
  • @clerk/localizations
  • @clerk/clerk-expo
  • @clerk/backend
  • @clerk/clerk-sdk-node
  • @clerk/shared
  • @clerk/fastify
  • @clerk/chrome-extension
  • gatsby-plugin-clerk
  • build/tooling/chore

Description

  • npm test runs as expected.
  • npm run build runs as expected.

This PR refactors and improves #1241.

This PR also introduces a new header, x-clerk-redirect-to, which indicates that redirectToSignIn or redirectToSignUp has been called.

After this PR, Dev Browser on redirects will only be appended if all of the following conditions apply:

  • redirectToSignIn or redirectToSignUp has been called,
  • the Secret Key hints at a development Clerk instance,
  • the redirection is cross-origin.

This change fixes the dev browser issue on implementations that use custom domains for sign-in or sign-up pages, other than Clerk Hosted Pages.
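
The three conditions listed above, written as one decision function. This is an added example, not code from this PR or from @clerk/nextjs. The function names, the `__dev_browser_token` parameter name, the `sk_test_` prefix check and the sample URLs are assumptions made for illustration.

```javascript
// Added example (not code from this PR). Function names, the query-parameter
// name and the sample values are assumptions made for illustration.
const REDIRECT_HEADER = 'x-clerk-redirect-to';   // header named in the PR description
const DEV_BROWSER_PARAM = '__dev_browser_token'; // placeholder parameter name

// Assumption: development-instance secret keys carry the "sk_test_" prefix.
function isDevelopmentSecretKey(secretKey) {
  return typeof secretKey === 'string' && secretKey.startsWith('sk_test_');
}

// Resolve Location against the request URL first, so a relative redirect
// ("/sign-in") counts as same-origin. Origin = scheme + host + port.
function isCrossOrigin(requestUrl, location) {
  const from = new URL(requestUrl);
  return new URL(location, from).origin !== from.origin;
}

// Returns the Location value to send. The token is appended only when all
// three conditions from the description hold; otherwise Location is returned
// unchanged, so the token never reaches production or same-origin redirects.
// `headers` is any object with get(name), e.g. a Map with lowercase keys.
function resolveRedirectLocation({ requestUrl, headers, secretKey, devBrowserToken }) {
  const location = headers.get('location');
  if (!location) return null; // not a redirect response
  const redirectToCalled = headers.get(REDIRECT_HEADER) != null;
  if (!redirectToCalled || !isDevelopmentSecretKey(secretKey) || !devBrowserToken) {
    return location;
  }
  if (!isCrossOrigin(requestUrl, location)) return location;
  const target = new URL(location, requestUrl);
  target.searchParams.set(DEV_BROWSER_PARAM, devBrowserToken);
  return target.toString();
}

// Constructed sample: app on localhost redirecting to a custom sign-in domain.
console.log(resolveRedirectLocation({
  requestUrl: 'http://localhost:3000/dashboard',
  headers: new Map([
    ['location', 'https://accounts.example.test/sign-in'],
    [REDIRECT_HEADER, 'true'], // constructed value; only presence is checked
  ]),
  secretKey: 'sk_test_constructed',
  devBrowserToken: 'dvb_constructed',
}));
```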

@anagstef anagstef requested a review from dimkl June 6, 2023 09:59
@anagstef anagstef self-assigned this Jun 6, 2023
changeset-bot bot commented Jun 6, 2023

🦋 Changeset detected

Latest commit: a1cb2ab

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@clerk/nextjs Patch

@anagstef anagstef changed the title fix(nextjs): Append DevBrowser when a redirectTo is called fix(nextjs): Append DevBrowser on cross-origin redirects Jun 6, 2023
@jit-ci jit-ci bot left a comment

✅ Great news! Jit hasn't found any security issues in your PR. Good Job! 🏆

@panteliselef panteliselef left a comment

Looks good 💯

Dev Browser on redirects will only be appended if:
- redirectToSignIn or redirectToSignUp has been called,
- the Secret Key hints at a development Clerk instance,
- the redirection is cross-origin
anagstef added a commit that referenced this pull request Jun 8, 2023
@anagstef anagstef force-pushed the stefanos/js-447-scope-the-dev-browser-jwt-addition-to-redirecttosignin branch from 64a2bcd to 2d772dc Compare June 8, 2023 09:24
anagstef added a commit that referenced this pull request Jun 8, 2023
@anagstef anagstef force-pushed the stefanos/js-447-scope-the-dev-browser-jwt-addition-to-redirecttosignin branch from 2d772dc to 16b4f87 Compare June 8, 2023 09:48
@anagstef anagstef force-pushed the stefanos/js-447-scope-the-dev-browser-jwt-addition-to-redirecttosignin branch from 16b4f87 to a1cb2ab Compare June 8, 2023 09:51
@nikosdouvlis nikosdouvlis merged commit 737bd78 into main Jun 8, 2023
@nikosdouvlis nikosdouvlis deleted the stefanos/js-447-scope-the-dev-browser-jwt-addition-to-redirecttosignin branch June 8, 2023 10:01
@github-actions github-actions bot mentioned this pull request Jun 8, 2023
@clerk-cookie clerk-cookie mentioned this pull request Jun 9, 2023
@clerk-cookie

This PR has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@clerk clerk locked as resolved and limited conversation to collaborators Jun 8, 2024