Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

set Path attribute in auth cookie to fix proxy auth in chrome #38

Merged
merged 1 commit into from
Nov 29, 2023
Merged

set Path attribute in auth cookie to fix proxy auth in chrome #38

merged 1 commit into from
Nov 29, 2023

Conversation

psFried
Copy link
Member

@psFried psFried commented Nov 28, 2023

Authentication for private ports was broken in Chrome, and perhaps other browsers too. This was caused by the browser rejecting the __Host-flow_auth cookie that was attempted to be set by data-plane-gateway. The browser was rejecting the cookie for a seemingly legitimate reason: the spec says it has to be there. I suspect that Firefox was more lax in this case because Path=/ is semantically equivalent to it not being set at all. In any case, adding the Path=/ allows authenticated access to private ports to work properly in both Chrome and Firefox.

Fixes estuary/connectors#695

@psFried
set Path attribute in auth cookie to fix proxy auth in chrome
6c7bc40 
Authentication for private ports was broken in Chrome, and perhaps other
browsers too.  This was caused by the browser rejecting the `__Host-flow_auth`
cookie that was attempted to be set by data-plane-gateway.  The browser was
rejecting the cookie for a seemingly legitimate reason: the spec says it has to
be there.  I suspect that Firefox was more lax in this case because `Path=/` is
semantically equivalent to it not being set at all.  In any case, adding the
`Path=/` allows authenticated access to private ports to work properly in both
Chrome and Firefox.
williamhbaker
williamhbaker approved these changes Nov 29, 2023
View reviewed changes
Copy link
Member

@williamhbaker williamhbaker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥

@psFried psFried merged commit ca10b52 into main Nov 29, 2023
1 check passed
@psFried psFried deleted the phil/auth-cookie-path branch November 29, 2023 12:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@williamhbaker williamhbaker williamhbaker approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SQLite Materialization Never Authenticates
2 participants
@psFried @williamhbaker