backend calls are not sticky (AKA Session affinity) #7104
Comments
In order to ensure that Spartacus (or better: Angular) will send cookies with a request, requests must be done with Once this is in place, an error will be thrown, as an additional backend configuration must be done. A new configuration property must be added
The SameSite=None policy
Sends cookies to each OCC request, with the withCredentials flag in the http client. This requires a new OCC configuration, which (currently) defaults to false. An additional CORS configuration is required to ensure that a decoupled storefront is allowed to pass cookies into the request. closes #7104
QA:
```
backend: {
  occ: {
    baseUrl: 'https://storefront.c39j2-walkersde1-d4-public.model-t.cc.commerce.ondemand.com',
    useWithCredentials: true
  }
}
```
…ttp requests (#7139)
This could be considered a feature as well. It's been introduced in 2.0, but a backport was required for customers who scale out their API.
In order to configure this behaviour (which is turned off by default), you must provide the interceptor in a module (i.e. in the AppModule) `providers: [withCredentialsInterceptorProvider]`
Additionally, a CORS configuration is required in the backend to pass requests from another domain. The following configuration must be installed: `corsfilter.ycommercewebservices.allowCredentials=true`
This can be done either in the backoffice or by using project.properties.
closes #7104

…ttp requests (#7146)
This could be considered a feature as well. It's been introduced in 2.0, but a backport was required for customers who scale out their API.
In order to configure this behaviour (which is turned off by default), you must provide the interceptor in a module (i.e. in the AppModule) `providers: [withCredentialsInterceptorProvider]`
Additionally, a CORS configuration is required in the backend to pass requests from another domain. The following configuration must be installed: `corsfilter.ycommercewebservices.allowCredentials=true`
This can be done either in the backoffice or by using project.properties.
closes #7104
@KateChuen Your QA work seems to confirm the aim of this ticket, good stuff.
With a backend running multiple pods/nodes, the backend will not be able to send cache invalidations across a cluster when subsequent requests come in too soon. Moreover, if multiple requests are being scattered over multiple nodes, there's latency and unnecessary resources consumed.
Spartacus should interact with a single backend as much as possible for a single client. This is traditionally called "sticky sessions".
CCv2 is partially prepared for this. It adds a ROUTE cookie to the response. This cookie however is not configurable and uses no `SameSite` policy. This means that a decoupled storefront is likely going to fail to use it, as it's acting on a different domain. Today only Chrome seems to have issues with this, but going forward it is expected to see more browsers following.

That being said, Spartacus today doesn't use the ROUTE cookies. Cookies aren't sent with any request at all. In order to leverage the ROUTE cookie, the following must be done:
- `withCredentials: true` option in the http client, so that cookies are sent with each request
- `Allow-Origin-With-Credentials:true`) to ensure that the cookies are passing the filter.
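The two conditions this issue depends on, modelled as an added example (not code from Spartacus or from this thread): the browser-side CORS check for a request sent with `withCredentials: true`, and whether the ROUTE cookie is attached to a cross-site request at all. The origins, the cookie value and the function names are constructed, and the Lax-by-default `SameSite` handling is an assumption about the browser.

```javascript
// Added example. Origins and the ROUTE cookie value are constructed.

// Models the browser's CORS check on a cross-origin response.
// withCredentials mirrors the http client option discussed in the issue.
function corsCheck(pageOrigin, withCredentials, responseHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim(); // header names are case-insensitive
  }
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: 'no Access-Control-Allow-Origin' };
  }
  // The wildcard only satisfies requests made without credentials.
  if (!withCredentials && allowOrigin === '*') {
    return { allowed: true, reason: 'ok' };
  }
  if (allowOrigin !== pageOrigin) {
    const reason = allowOrigin === '*' ? 'wildcard origin with credentials' : 'origin mismatch';
    return { allowed: false, reason };
  }
  if (!withCredentials) {
    return { allowed: true, reason: 'ok' };
  }
  // Must be the exact, case-sensitive string "true".
  if (h['access-control-allow-credentials'] !== 'true') {
    return { allowed: false, reason: 'Access-Control-Allow-Credentials is not true' };
  }
  return { allowed: true, reason: 'ok' };
}

// Assumption: the browser treats a cookie without SameSite as Lax and rejects
// SameSite=None without Secure, so only "SameSite=None; Secure" rides on a
// cross-site XHR. Takes a Set-Cookie header value.
function cookieSentCrossSite(setCookie) {
  const attrs = setCookie.split(';').slice(1).map((a) => a.trim().toLowerCase());
  const sameSite = attrs.find((a) => a.startsWith('samesite='));
  const mode = sameSite ? sameSite.slice('samesite='.length) : 'lax';
  return mode === 'none' && attrs.includes('secure');
}

// Sticky routing works only when the cookie is sent and the response passes CORS.
function stickySessionWorks(pageOrigin, setCookie, responseHeaders) {
  return cookieSentCrossSite(setCookie) && corsCheck(pageOrigin, true, responseHeaders).allowed;
}
```

A backend that answers credentialed requests with a wildcard origin, or with any value other than the literal `true` for the credentials header, fails this check even though the same response passes for a request without credentials.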