From cfb05f08eee503af6d8ca737c94c242c95601b18 Mon Sep 17 00:00:00 2001 From: Bilal Godil Date: Mon, 19 Jan 2026 10:11:01 -0800 Subject: [PATCH 1/4] fix sign in bug on dev --- packages/stack-shared/src/interface/client-interface.ts | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/packages/stack-shared/src/interface/client-interface.ts b/packages/stack-shared/src/interface/client-interface.ts index d2a16342ea..670c8fdaa1 100644 --- a/packages/stack-shared/src/interface/client-interface.ts +++ b/packages/stack-shared/src/interface/client-interface.ts @@ -5,7 +5,6 @@ import { KnownError, KnownErrors } from '../known-errors'; import { inlineProductSchema } from '../schema-fields'; import { AccessToken, InternalSession, RefreshToken } from '../sessions'; import { generateSecureRandomString } from '../utils/crypto'; -import { getNodeEnvironment } from '../utils/env'; import { StackAssertionError, throwErr } from '../utils/errors'; import { globalVar } from '../utils/globals'; import { HTTP_METHODS, HttpMethod } from '../utils/http'; @@ -166,7 +165,7 @@ export class StackClientInterface { }; const clientAuthentication = oauth.ClientSecretPost(this.options.publishableClientKey); - const allowInsecure = getNodeEnvironment() === 'test' && tokenEndpoint.startsWith('http://'); + const allowInsecure = process.env.NODE_ENV !== 'production' && tokenEndpoint.startsWith('http://'); const response = await this._networkRetryException(async () => { const rawResponse = await oauth.refreshTokenGrantRequest( @@ -1042,7 +1041,7 @@ export class StackClientInterface { }; const clientAuthentication = oauth.ClientSecretPost(this.options.publishableClientKey); // Allow insecure HTTP requests only in test environment (for localhost testing) - const allowInsecure = getNodeEnvironment() === 'test' && tokenEndpoint.startsWith('http://'); + const allowInsecure = process.env.NODE_ENV !== 'production' && tokenEndpoint.startsWith('http://'); let params: URLSearchParams; try { From 11f9e1442521de614151b18209668d83cecb159e Mon Sep 17 00:00:00 2001 From: Bilal Godil Date: Mon, 19 Jan 2026 10:20:27 -0800 Subject: [PATCH 2/4] fix --- packages/stack-shared/src/interface/client-interface.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/stack-shared/src/interface/client-interface.ts b/packages/stack-shared/src/interface/client-interface.ts index 670c8fdaa1..e283fd2886 100644 --- a/packages/stack-shared/src/interface/client-interface.ts +++ b/packages/stack-shared/src/interface/client-interface.ts @@ -165,7 +165,7 @@ export class StackClientInterface { }; const clientAuthentication = oauth.ClientSecretPost(this.options.publishableClientKey); - const allowInsecure = process.env.NODE_ENV !== 'production' && tokenEndpoint.startsWith('http://'); + const allowInsecure = (process.env.NODE_ENV.includes("dev") || process.env.NODE_ENV === 'test') && tokenEndpoint.startsWith('http://'); const response = await this._networkRetryException(async () => { const rawResponse = await oauth.refreshTokenGrantRequest( @@ -1041,7 +1041,7 @@ export class StackClientInterface { }; const clientAuthentication = oauth.ClientSecretPost(this.options.publishableClientKey); // Allow insecure HTTP requests only in test environment (for localhost testing) - const allowInsecure = process.env.NODE_ENV !== 'production' && tokenEndpoint.startsWith('http://'); + const allowInsecure = (process.env.NODE_ENV.includes("dev") || process.env.NODE_ENV === 'test') && tokenEndpoint.startsWith('http://'); let params: URLSearchParams; try { From 3978c07cc62c4c3ef3b6bcaf62f4811fd88748af Mon Sep 17 00:00:00 2001 From: Bilal Godil Date: Mon, 19 Jan 2026 10:23:49 -0800 Subject: [PATCH 3/4] type fix --- packages/stack-shared/src/interface/client-interface.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/stack-shared/src/interface/client-interface.ts b/packages/stack-shared/src/interface/client-interface.ts index e283fd2886..30ec517fe7 100644 --- a/packages/stack-shared/src/interface/client-interface.ts +++ b/packages/stack-shared/src/interface/client-interface.ts @@ -165,7 +165,7 @@ export class StackClientInterface { }; const clientAuthentication = oauth.ClientSecretPost(this.options.publishableClientKey); - const allowInsecure = (process.env.NODE_ENV.includes("dev") || process.env.NODE_ENV === 'test') && tokenEndpoint.startsWith('http://'); + const allowInsecure = (process.env.NODE_ENV?.includes("dev") || process.env.NODE_ENV === 'test') && tokenEndpoint.startsWith('http://'); const response = await this._networkRetryException(async () => { const rawResponse = await oauth.refreshTokenGrantRequest( @@ -1041,7 +1041,7 @@ export class StackClientInterface { }; const clientAuthentication = oauth.ClientSecretPost(this.options.publishableClientKey); // Allow insecure HTTP requests only in test environment (for localhost testing) - const allowInsecure = (process.env.NODE_ENV.includes("dev") || process.env.NODE_ENV === 'test') && tokenEndpoint.startsWith('http://'); + const allowInsecure = (process.env.NODE_ENV?.includes("dev") || process.env.NODE_ENV === 'test') && tokenEndpoint.startsWith('http://'); let params: URLSearchParams; try { From 5a13a1343b88f1aa2155c7156867e50736a33cbe Mon Sep 17 00:00:00 2001 From: Bilal Godil Date: Mon, 19 Jan 2026 11:24:01 -0800 Subject: [PATCH 4/4] lint fix --- packages/stack-shared/src/interface/client-interface.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/stack-shared/src/interface/client-interface.ts b/packages/stack-shared/src/interface/client-interface.ts index 30ec517fe7..7c4c027e5d 100644 --- a/packages/stack-shared/src/interface/client-interface.ts +++ b/packages/stack-shared/src/interface/client-interface.ts @@ -165,6 +165,7 @@ export class StackClientInterface { }; const clientAuthentication = oauth.ClientSecretPost(this.options.publishableClientKey); + // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition const allowInsecure = (process.env.NODE_ENV?.includes("dev") || process.env.NODE_ENV === 'test') && tokenEndpoint.startsWith('http://'); const response = await this._networkRetryException(async () => { @@ -1041,6 +1042,7 @@ export class StackClientInterface { }; const clientAuthentication = oauth.ClientSecretPost(this.options.publishableClientKey); // Allow insecure HTTP requests only in test environment (for localhost testing) + // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition const allowInsecure = (process.env.NODE_ENV?.includes("dev") || process.env.NODE_ENV === 'test') && tokenEndpoint.startsWith('http://'); let params: URLSearchParams;