[codex] Handle stale auth cookies on public requests #8216
Merged
214 files changed
pnicolli requested changes on May 15, 2026
pnicolli requested changes on May 15, 2026
pnicolli approved these changes on May 15, 2026
sneridagh added a commit that referenced this pull request on May 17, 2026
* seven: (43 commits) [codex] Handle stale auth cookies on public requests (#8216) Release Seven 1.0.0-alpha.4 Release @plone/layout 1.0.0-alpha.8 Release @plone/blocks 1.0.0-alpha.10 Release @plone/plate 1.0.0-alpha.8 Release @plone/helpers 2.0.0-alpha.6 Make the import for the styleFields helper resilient and Volto-compatible (#8206) [Seven] Make style fields first-class and preserve block width fallback (#8204) Release @plone/plate 1.0.0-alpha.7 Fixed toolbar button if a single option is shown (#8186) Release @plone/layout 1.0.0-alpha.7 Release @plone/blocks 1.0.0-alpha.9 Release @plone/plate 1.0.0-alpha.6 Release @plone/helpers 2.0.0-alpha.5 Release @plone/types 3.0.0-alpha.1 [Seven] Style fields (#8175) Release @plone/plate 1.0.0-alpha.5 Fixed import from repo in @plone/plate (#8183) Improved prereleaser script Release Seven 1.0.0-alpha.3 ...
Summary
This PR fixes Seven's behavior when the `auth_seven` cookie contains a stale or invalid token and the user requests public content.
Previously, Seven initialized the Plone client with whatever token was present in the cookie and sent it as `Authorization: Bearer <token>` on content and asset requests. When that token was no longer valid, the backend returned `401`, and Seven surfaced that failure through the root `ErrorBoundary` even for public pages.
This change makes Seven recover gracefully instead of failing hard.
What changed
- `apps/seven/app/middleware.server.ts`.
- `401`, Seven now reinitializes the client without the token, retries the request anonymously, and continues rendering if anonymous access succeeds.
- `auth_seven` cookie on the final page response.
- `@@images`, `@@download`, `@@site-logo`, `@portrait`) so public assets still resolve when the cookie is invalid.
- `Authorization: Bearer undefined` on anonymous proxied asset requests.
- `getUser()` lookup from the main content/site fetch so user lookup failures do not break otherwise public rendering.
- `@plone/react-router` with shared helpers for clearing the auth cookie on a response or generating the clearing `Set-Cookie` header.
- `apps/seven` and `packages/react-router`.
Impact
- `@plone/react-router`.
Validation
- `pnpm exec vitest run app/root.test.tsx app/middleware.server.test.ts`
- `pnpm --filter seven typecheck`
- `pnpm --filter @plone/react-router build`
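The 401 recovery described in the summary, as an added TypeScript example that is not code from this PR or from Seven. The injected `send` transport, the function names, and `makeBackend` (a constructed stand-in for the backend) are hypothetical; the cookie attributes and the choice to clear the cookie whenever a sent token is rejected are assumptions.

```typescript
// Added illustration; names and cookie attributes are assumptions, not Seven's code.
type HeaderMap = Record<string, string>;
type Reply = { status: number; body: string };
type Send = (path: string, headers: HeaderMap) => Promise<Reply>;
type Outcome = Reply & { clearCookie?: string };

// Emit Authorization only when a token exists, so an anonymous request
// never carries the literal string "Bearer undefined".
function authHeaders(token?: string): HeaderMap {
  return token ? { Authorization: `Bearer ${token}` } : {};
}

// Set-Cookie value that expires the cookie in the browser.
function clearingSetCookie(name: string): string {
  return `${name}=; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;
}

async function fetchWithAnonymousFallback(
  send: Send, path: string, token?: string, cookieName: string = "auth_seven",
): Promise<Outcome> {
  const first = await send(path, authHeaders(token));
  // Retry only when a token was actually sent and rejected with 401.
  // Other statuses (403, 404, 5xx) are returned unchanged.
  if (!token || first.status !== 401) return first;
  // One retry, with no credentials at all.
  const anonymous = await send(path, authHeaders(undefined));
  // The token was rejected either way, so the caller should expire the cookie.
  return { ...anonymous, clearCookie: clearingSetCookie(cookieName) };
}

// Constructed stand-in for the backend: one valid token, "/private" needs auth.
function makeBackend(validToken: string, log: HeaderMap[]): Send {
  return async (path: string, headers: HeaderMap): Promise<Reply> => {
    log.push(headers);
    const auth = headers["Authorization"];
    if (auth !== undefined && auth !== `Bearer ${validToken}`) return { status: 401, body: "" };
    if (path === "/private" && auth === undefined) return { status: 401, body: "" };
    return { status: 200, body: `content of ${path}` };
  };
}
```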