Skip to content

feat(dev-proxy): isolate local auth cookies by target#36371

Merged
lyzno1 merged 1 commit into
mainfrom
codex/dev-proxy-target-scoped-cookies
May 19, 2026
Merged

feat(dev-proxy): isolate local auth cookies by target#36371
lyzno1 merged 1 commit into
mainfrom
codex/dev-proxy-target-scoped-cookies

Conversation

@lyzno1
Copy link
Copy Markdown
Member

@lyzno1 lyzno1 commented May 19, 2026

Summary

  • Add target-origin scoped local cookie rewriting to the dev proxy so auth cookies from different upstream targets do not overwrite or leak into each other.
  • Override the configured CSRF request header from the active scoped CSRF cookie before forwarding upstream requests.
  • Enable scoped cookie rewriting for Dify's dev proxy auth cookies and document the new configuration.

Benefits

  • Prevents stale localhost auth cookies from being forwarded after switching DEV_PROXY_TARGET or DEV_PROXY_ENTERPRISE_TARGET.
  • Keeps independent login sessions for each upstream target origin during local development.
  • Avoids app-level dev proxy knowledge by keeping CSRF header correction inside the proxy boundary.

Verification

  • pnpm --dir packages/dev-proxy test
  • pnpm --dir packages/dev-proxy type-check
  • pnpm --dir packages/dev-proxy build
  • pnpm -C web type-check

@dosubot dosubot Bot added size:L This PR changes 100-499 lines, ignoring generated files. javascript labels May 19, 2026
@github-actions github-actions Bot added the web This relates to changes on the web. label May 19, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 19, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.96%. Comparing base (b0a3399) to head (c8acabf).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #36371   +/-   ##
=======================================
  Coverage   85.96%   85.96%           
=======================================
  Files        4455     4455           
  Lines      211575   211575           
  Branches    39541    39541           
=======================================
+ Hits       181878   181880    +2     
+ Misses      26483    26481    -2     
  Partials     3214     3214
Flag Coverage Δ
dify-ui 94.59% <ø> (ø)
web 86.56% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@lyzno1 lyzno1 changed the title fix(dev-proxy): isolate local auth cookies by target feat(dev-proxy): isolate local auth cookies by target May 19, 2026
@lyzno1 lyzno1 enabled auto-merge May 19, 2026 05:34
@lyzno1 lyzno1 added this pull request to the merge queue May 19, 2026
@dosubot dosubot Bot added the lgtm This PR has been approved by a maintainer label May 19, 2026
Merged via the queue into main with commit 674cdc3 May 19, 2026
34 checks passed
@lyzno1 lyzno1 deleted the codex/dev-proxy-target-scoped-cookies branch May 19, 2026 06:06
zhangtaodemama added a commit to zhangtaodemama/langgenius-dify-bfaadcb0c706 that referenced this pull request May 19, 2026
@zhangtaodemama
chore(bot): replace .github/workflows + overlays for upstream PR lang…
074b47d 
…genius#36371 (merge 674cdc3)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hyoban hyoban hyoban approved these changes

@iamjoel iamjoel Awaiting requested review from iamjoel iamjoel is a code owner

@crazywoola crazywoola Awaiting requested review from crazywoola crazywoola is a code owner

@laipz8200 laipz8200 Awaiting requested review from laipz8200 laipz8200 is a code owner

@Yeuoly Yeuoly Awaiting requested review from Yeuoly

Assignees

No one assigned

Labels

lgtm This PR has been approved by a maintainer size:L This PR changes 100-499 lines, ignoring generated files. web This relates to changes on the web.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lyzno1 @hyoban