fix(auth-server): handle preflight requests #1040

Merged
merged 7 commits into from
Mar 22, 2024

@cristiand391 cristiand391 commented Mar 21, 2024

What does this PR do?

Updates the auth web server to handle preflight requests.

Chrome v123 (promoted to stable 2 days ago) now does a preflight request (OPTIONS req) to the server before the auth request; the server only handled GET requests and was throwing on anything else, blocking the web auth flow.

repro:

  1. update chrome to v123
  2. try auth with sf org login web, type auth creds in browser and click on login
  3. see failure on browser and sf exits with Invalid request method: OPTIONS error.

on the network tab you can see the preflight request that causes the failure:
[Screenshot: network tab showing the preflight request]

testing:
link this branch into plugin-auth and follow the repro steps, the preflight request is handled correctly and auth can follow.

What issues does this PR fix or reference?

@W-15313611@
forcedotcom/cli#2785

mshanemc previously approved these changes Mar 21, 2024
public handlePreflightRequest(response: http.ServerResponse): void {
// We don't validate the origin here because:
// 1. The default login URL (login.salesforce.com) will not match after a redirect or if user choose a custom domain in login.
// 2. There's no fixed list of auth URLs we could check against.
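Review bot: The comment at the top of handlePreflightRequest explains why the Origin is not validated, but it does not say what the server relies on instead once every origin passes preflight; add a line naming the check performed on the subsequent GET, or state that none is needed and why. The signature takes only `response`, so the handler cannot read the request's Origin or Access-Control-Request-* headers at all, which is worth stating as a deliberate choice. Minor wording: "if user choose" in point 1 should read "if the user chooses".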
Member Author

point 1 refers to the oauth config object that can be accessed here.

If the value of the Origin header is not a case-sensitive match for any of the values in list of origins do not set any additional headers and terminate this set of steps.
Always matching is acceptable since the list of origins can be unbounded.
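
The preflight handling discussed in this PR, sketched as an added example that is not the project's code: an OPTIONS request gets a 204 with CORS headers and no credentials header, GET goes on to the callback handler, and any other method gets a 405 instead of an exception. The names planResponse, startCallbackServer and onCallback, and the specific headers returned, are assumptions.

```javascript
// Added illustration: planResponse and startCallbackServer are hypothetical
// names, not functions from the project under review.

// Decide how a loopback OAuth callback server answers a request. Kept pure
// so the policy can be tested without opening a socket.
function planResponse(method, headers = {}) {
  const verb = String(method || '').toUpperCase();
  if (verb === 'OPTIONS') {
    // Preflight: reply 204 with no body. The Origin is echoed, not compared
    // with a list ("always matching"), and only GET is advertised.
    const cors = { 'Access-Control-Allow-Methods': 'GET' };
    if (headers.origin) {
      cors['Access-Control-Allow-Origin'] = headers.origin;
      cors['Vary'] = 'Origin';
    }
    return { status: 204, headers: cors, proceed: false };
  }
  if (verb === 'GET') return { status: 200, headers: {}, proceed: true };
  // Any other method gets an ordinary 405 instead of an exception that
  // would tear down the login flow.
  return { status: 405, headers: { Allow: 'GET, OPTIONS' }, proceed: false };
}

// Wire the policy into node:http. onCallback (an assumption) handles the
// real GET redirect and must still do its own validation of the request.
async function startCallbackServer(port, onCallback) {
  const http = await import('node:http'); // loads under CommonJS or ESM
  const server = http.createServer((req, res) => {
    const plan = planResponse(req.method, req.headers);
    if (plan.proceed) return onCallback(req, res);
    res.writeHead(plan.status, plan.headers);
    res.end();
  });
  await new Promise((resolve) => server.listen(port, '127.0.0.1', resolve));
  return server;
}

// Constructed sample requests (not captured traffic).
const samples = [
  ['OPTIONS', { origin: 'https://login.salesforce.com' }],
  ['GET', {}],
  ['POST', {}],
];
for (const [method, headers] of samples) {
  console.log(method, JSON.stringify(planResponse(method, headers)));
}
```

Binding to 127.0.0.1 keeps the listener off external interfaces; the preflight answer grants nothing beyond GET, so the callback handler remains the place where the request itself is checked.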

@cristiand391 cristiand391 added the bug Something isn't working label Mar 22, 2024

git2gus bot commented Mar 22, 2024

This issue has been linked to a new work item: W-15313611

@WillieRuemmele

QA Notes


I was unable to reproduce this on an M1 Mac with Chrome 123...
I hopped on a call with Cristian, and we walked through it together

✅ : able to auth web login to an org
✅ : OPTIONS request => 204

@cristiand391 cristiand391 merged commit 7a109d9 into main Mar 22, 2024
68 checks passed
@cristiand391 cristiand391 deleted the cd/handle-preflight-req branch March 22, 2024 20:28