fix: fixes cookie override during redirection from server action #61633
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
technikhil314
requested review from
timneutkens,
ijjk,
shuding,
huozhi,
feedthejim,
ztanner and
wyattjoh
as code owners
technikhil314
force-pushed
the
canary
branch
from
b577744
to
3c3dc85
Compare
shuding
reviewed
Mar 2, 2024
technikhil314
commented
Mar 12, 2024
technikhil314
commented
Mar 12, 2024
shuding
approved these changes
Mar 16, 2024
|
@shuding Thanks a lot for approval but I see the merge button is still disabled for me. Let me know if I am missing any steps. |
|
Hi team, we are implementing some auth flow that will be simplified a lot with these changes. We are currently working around it via returning cookies to a client and then shooting another request and then redirect. Can attract some attention to this, maybe @ztanner ? I saw you fixed a bunch of things in recent months, could you take your eyes on it please? If it doesn't affects your existing priorities or planned scope 🙏🏻🙏🏻 |
ijjk
approved these changes
Apr 4, 2024
epiloguess
pushed a commit
to epiloguess/next.js
that referenced
this pull request
Apr 5, 2024
) ### What? Fixes vercel#61611 ### Why? Any one having custom server may be having logic to set cookies during GET requests too. Currently nextjs in app directory does not allow to do so but with custom server its very much possible. ### How? By merging cookies of redirect response and server action POSt response ### Tests I have added one more test to existing suite and it passing with fix in place.  ### Notes This bug is reproducible only if developer has custom server on top of next app but still very probable --------- Co-authored-by: Shu Ding <g@shud.in> Co-authored-by: JJ Kasper <jj@jjsweb.site>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What?
Fixes #61611
Why?
Any one having custom server may be having logic to set cookies during GET requests too. Currently nextjs in app directory does not allow to do so but with custom server its very much possible.
How?
By merging cookies of redirect response and server action POSt response
Tests
I have added one more test to existing suite and it passing with fix in place.
Notes
This bug is reproducible only if developer has custom server on top of next app but still very probable