fix(clerk-js): Backport dev browser token being read from stale non-partitioned cookies#8238
Merged
nikosdouvlis merged 3 commits intorelease/core-2from Apr 5, 2026
Merged
fix(clerk-js): Backport dev browser token being read from stale non-partitioned cookies#8238nikosdouvlis merged 3 commits intorelease/core-2from
nikosdouvlis merged 3 commits intorelease/core-2from
Conversation
🦋 Changeset detectedLatest commit: d6ddaa1 The changes in this PR will be included in the next version bump. This PR includes changesets to release 3 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
tmilewski
changed the title
@clerk/agent-toolkit
@clerk/astro
@clerk/backend
@clerk/chrome-extension
@clerk/clerk-js
@clerk/dev-cli
@clerk/elements
@clerk/clerk-expo
@clerk/expo-passkeys
@clerk/express
@clerk/fastify
@clerk/localizations
@clerk/nextjs
@clerk/nuxt
@clerk/clerk-react
@clerk/react-router
@clerk/remix
@clerk/shared
@clerk/tanstack-react-start
@clerk/testing
@clerk/themes
@clerk/types
@clerk/upgrade
@clerk/vue
commit: |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (1)
integration/tests/dev-browser-partitioned-cookies.test.ts (1)
30-31: Consider defensive handling for undefined publishable key.The non-null assertion on
parsePublishableKey(pk)!could cause a confusing test failure ifCLERK_PUBLISHABLE_KEYis not configured. A clearer assertion would improve debuggability.🔧 Proposed improvement for better error messaging
const pk = app.env.publicVariables.get('CLERK_PUBLISHABLE_KEY'); - const { frontendApi } = parsePublishableKey(pk)!; + const parsed = parsePublishableKey(pk); + expect(parsed).toBeTruthy(); + const { frontendApi } = parsed!;🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@integration/tests/dev-browser-partitioned-cookies.test.ts` around lines 30 - 31, The test currently uses a non-null assertion on parsePublishableKey(pk)! which will throw a vague error if CLERK_PUBLISHABLE_KEY is missing; update the setup to defensively check that pk (from app.env.publicVariables.get('CLERK_PUBLISHABLE_KEY')) is defined and fail fast with a clear message (e.g., throw or assert) before calling parsePublishableKey, and then call parsePublishableKey(pk) without the non-null assertion and extract frontendApi; reference the symbols pk, app.env.publicVariables.get, and parsePublishableKey to locate and fix the code.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@integration/tests/dev-browser-partitioned-cookies.test.ts`:
- Around line 30-31: The test currently uses a non-null assertion on
parsePublishableKey(pk)! which will throw a vague error if CLERK_PUBLISHABLE_KEY
is missing; update the setup to defensively check that pk (from
app.env.publicVariables.get('CLERK_PUBLISHABLE_KEY')) is defined and fail fast
with a clear message (e.g., throw or assert) before calling parsePublishableKey,
and then call parsePublishableKey(pk) without the non-null assertion and extract
frontendApi; reference the symbols pk, app.env.publicVariables.get, and
parsePublishableKey to locate and fix the code.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 13c25e43-228d-4c06-a30a-0fef91334e71
📒 Files selected for processing (3)
.changeset/plain-lines-kneel.mdintegration/tests/dev-browser-partitioned-cookies.test.tspackages/clerk-js/src/core/auth/devBrowser.ts
networkidle never settles on clerk-js pages because of SessionCookiePoller, telemetry, and captcha network activity. No other integration test uses networkidle.
nikosdouvlis
approved these changes
Apr 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Checklist
pnpm testruns as expected.pnpm buildruns as expected.Type of change
Summary by CodeRabbit
Bug Fixes