-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some set-cookie headers not being returned #171
Comments
Theorizing: maybe the rewrite has something to do with it, and Azure preemptively filters out cookies that don't match the current path (which was re-written to /__sk_render). |
I suspect this is related: Azure/static-web-apps#760 |
@geoffrich I made a minimal repro here: https://github.com/githubnext/azureswacookies and I'm in discussions with Azure SWA support folks about it, will keep you posted |
@geoffrich so @IvanJobs (from Azure) dug into it, and @lukeed and I both did some investigation as well. tl;dr we still don't know what's causing this, Azure thinks it's not Azure Per Ivan, it looks like cookies set in regular @lukeed and I ran down the logic in SK, thinking that either the But none of the values here look wrong. And if either path or domain did not match, then I'd expect SK to refuse to enumerate them later. But we're clearly able to enumerate the cookie that isn't getting sent with In short, our clues:
@geoffrich hopefully this helps narrow it down, I'm pretty stumped. |
@geoffrich ok we found our specific problem! Azure refuses to honor cookies with super long I'm talking with the Azure folks about documenting this and maybe changing their behavior here. |
Ah, good find! Though when I originally ran into this issue it doesn't appear like I was setting a max-age at all. It's been a bit; I'll try to find some time to see if my original demo issue still repros. |
This is interesting. I seem to be having problems related to this issue when attempting to authenticate users via supabase auth. Locally this is working fine, even with the Azure SWA CLI. In my hooks.server.ts I have:
But when I inspect the network traffic, the supabase 'sb' cookies are never set in the Request Headers. Curious if this is related or not. |
@ranaldsgift this is exactly what we experienced (we also use supabase). The sb-WHATEVER cookies weren't being passed along by SWA because their max-age was too long. Update your dependencies; Supabase shipped a change that lowered the max-age on their cookies to one year and that sorted us out. |
Discovered while working on #170
I fixed an issue with cookies in the SK v2 branch by setting
path: '/'
instead of the default path: 72e5b3aThe SK v1 version of the demo returned
path: '/'
by default, so we didn't run into this issue. Example of set-cookie header with v1:The new demo uses
path: ''
, which maps topath=/sverdle
. For some reason, even though we return this cookie in the response from the SSR Azure function, theset-cookie
header is not present in the response that makes it to the browser. Example of function log:This doesn't happen on the deployed Vercel demo, so it must be Azure-specific.
Need to create a minimal repro, ideally without SK (or even SWA).
The text was updated successfully, but these errors were encountered: