New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Workaround csrf redirects #667
Conversation
@@ -0,0 +1,46 @@ | |||
# How to remote debug an application on SAP Cloud Platform |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this got in by accident?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes
if (error.request._isRedirect) { | ||
return makeCsrfRequest(destination, { | ||
...axiosConfig, | ||
url: error.request._options.path |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a API to get the path? Accessing _options
is potentially dangerous because this variable is not part of the public API of the request object.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps a check with good logs statement in case the path is not present.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
will do
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added a log statement. I don't think that there is another api for the request, but for extra safety I added a check that the path exists.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM only a minor comment.
Context
The issue behind csrf requests not working on On-Premise systems is a bug in axios (axios/axios#3369). The http proxy agent config is missing in the second request, when there is a redirect. I added a workaround to achieve the correct redirect behavior. This issue was opened by a user here: #617
Definition of Done
Please consider all items and remove only if not applicable.
name
that does X in order to Y" over "Now X can be done by calling a new function".fix:
andfeat:
will end up in the release notes)yarn run doc
still works.