Skip to content

feat: fix 404 on the first app loads when unauthenticated #10262

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Oct 16, 2023
Merged

feat: fix 404 on the first app loads when unauthenticated #10262

merged 5 commits into from
Oct 16, 2023

Conversation

Emyrk
Copy link
Member

@Emyrk Emyrk commented Oct 13, 2023
edited
Loading

Closes: #9958

What the issue was

  1. Hit app page without any cookies
  2. Get redirected with a 303 to /login with redirect query param set to the app url.
  3. Hit the login page
  4. Enter credentials
  5. This code navigates you to the redirect url
  6. You hit a 404 page

The technical thing to note is that step 5 is doing a react navigation. We need to send this URL in an HTTP request to the Golang backend to generate the coder_signed_app_token cookie. The react Navigate does not send an HTTP request to the redirectTo url.

This is also an issue with subdomain based apps. The redirect fails.

What changes

This changes all app based redirects to a window.location.href change. This triggers a new HTTP request to the redirect url which the Golang BE can return a set-cookie for the app authentication.

@Emyrk Emyrk requested a review from BrunoQuaresma October 13, 2023 17:44
@Emyrk Emyrk requested a review from aslilac October 13, 2023 17:46
Emyrk and others added 2 commits October 13, 2023 14:09
@Emyrk @aslilac
Update site/src/pages/LoginPage/LoginPage.tsx
29102be 
Co-authored-by: Kayla Washburn <mckayla@hey.com>
@Emyrk
return something
d2281a6
BrunoQuaresma
BrunoQuaresma approved these changes Oct 16, 2023
View reviewed changes
Copy link
Collaborator

@BrunoQuaresma BrunoQuaresma left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding the comments! I don't like this way too much but I can see why it is needed... maybe in the future we can figure out a better solution.

@Emyrk Emyrk merged commit 5a90228 into main Oct 16, 2023
@Emyrk Emyrk deleted the stevenmasley/404_on_app_login branch October 16, 2023 14:29
@github-actions github-actions bot locked and limited conversation to collaborators Oct 16, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@aslilac aslilac aslilac left review comments

@BrunoQuaresma BrunoQuaresma BrunoQuaresma approved these changes

Assignees

@Emyrk Emyrk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

404 first time with shared path-based coder_app even with CODER_DANGEROUS_ALLOW_PATH_APP_SHARING set to true
3 participants
@Emyrk @aslilac @BrunoQuaresma