-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: extractCookie from GraphiQLHeader (#6894) #6895
Conversation
6 replays were recorded for 3ea4f93. |
Thanks @zaiyou12 for finding that and fixing. Could you add a test in |
9581815
to
f1d67a5
Compare
Sure, I've updated commit with the test code |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Had a few questions and will let @cannikin also review. Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wasn't involved in adding the GraphiQL header stuff to dbAuth, so let me know if my comment about that logic is way off base, maybe I just don't understand how it works! 😅
packages/auth-providers-api/src/dbAuth/__tests__/DbAuthHandler.test.js
Outdated
Show resolved
Hide resolved
I've fixed all the issues. Also, I added tests to make sure it works well under normal case when not using GraphiQLHeader. |
Thanks @zaiyou12 ... I grabbed this PR and did a little refactoring on the tests and added some tests from the shared utilities. But, I cannot push to your remote:
Could I get permissions to push? We'll be able to merge once I can. Thanks! |
Hi @dthyresson , thank you for the updates. I’ve checked “Allow edits by maintainers” option and invited you to my repo as collaborator. I hope it will works. Thank you! |
It's okay. Thank you for your help! |
Implement a fix for this issue: #6894
Steps to reproduce
Solution description:
event.headers.cookie || event.headers.Cookie
overwritescookieFromGraphiqlHeader
in below, even if user has generated graphiql headers. (It will returnevent.headers.cookie
, notcookieFromGraphiqlHeader
)redwood/packages/auth-providers-api/src/dbAuth/shared.ts
Lines 19 to 21 in 61ec0fe
When graphiql headers has recognized, it should be returned immediately to prevent overwriting issue.