Fix a bug where JWT on relative paths #604

Merged
merged 2 commits into from
Jun 6, 2019

driverpt
Contributor

Fixes #603

@driverpt driverpt requested a review from a team May 30, 2019 16:00
@driverpt
Contributor Author

Any prediction when this is going to be merged & released?

@crooksey
Contributor

crooksey commented Jun 5, 2019

Are you aware this is a duplicate of pull request #542?

@driverpt
Contributor Author

driverpt commented Jun 5, 2019

How is this a duplicate of #542?

@crooksey
Contributor

crooksey commented Jun 5, 2019

Sorry, commented on wrong issue.

@crooksey
Contributor

crooksey commented Jun 5, 2019

Was meant for PR #600

@@ -40,15 +40,15 @@ export class JwtInterceptor implements HttpInterceptor {

isWhitelistedDomain(request: HttpRequest<any>): boolean {
const requestUrl: any = parse(request.url, false, true);

const requestHost: string = requestUrl.host || (location && location.host)
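
Review bot: on the `requestHost` line, `location && location.host` still evaluates the bare identifier `location`, which throws a ReferenceError in environments where that global is not defined (server-side rendering), so the guard should be `typeof location !== 'undefined'`. When neither `requestUrl.host` nor `location.host` is available the expression yields a falsy value although it is typed as `string`; handle that case explicitly and have the check return false so that no token is attached. The fallback also means relative URLs are now matched against the whitelist using the page's own host, which changes which requests carry the token and should be stated in a comment or the README. The line is also missing the trailing semicolon that the `parse(...)` line above it has.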
Contributor

In order to not block potential universal support, can we do a typeof check here on location?

Contributor Author

@driverpt driverpt Jun 5, 2019

typeof location === 'object'

???

Never mind, just forgot that this is TypeScript, sorry about dat :(

Contributor Author

Done

@davidpatrick davidpatrick merged commit 33e441f into auth0:master Jun 6, 2019
stevehobbsdev pushed a commit that referenced this pull request Jun 27, 2019
Reverting this merge as it introduces an undesirable change to the
default whitelisting behaviour. See 0287bcb#r34107408

This reverts commit 33e441f, reversing
changes made to 5f8db7f.
stevehobbsdev pushed a commit that referenced this pull request Jun 28, 2019
Revert "Merge pull request #604 from driverpt/patch-1"
@driverpt
Contributor Author

driverpt commented Jul 15, 2019

@stevehobbsdev, that is the correct behaviour. If you're redirecting to an S3 Bucket, since the initial request to the server has no Host, it will always add the JWT Headers, which will result in 403 Errors from AWS.

@driverpt driverpt deleted the patch-1 branch July 16, 2019 10:24
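
The whitelisting behaviour debated in this thread, modelled as an added example (not code from the pull request or the project): it compares "no host means attach the token" with "resolve a relative URL to the page's host, then consult the whitelist". The function names, sample hosts and sample URLs are hypothetical, and the whitelist is simplified to exact host strings.

```typescript
// Added illustration, not the project's source. Function names and sample
// hosts are hypothetical; the whitelist is simplified to exact host strings.
type Decision = { host: string | null; attach: boolean };

// Host named by the URL itself, or null for a relative path like "/api/me".
function explicitHost(url: string): string | null {
  // Only absolute ("https://h/p") and protocol-relative ("//h/p") URLs name a host.
  if (!/^([a-z][a-z0-9+.-]*:)?\/\//i.test(url)) return null;
  // The base is a dummy; it only supplies a scheme for protocol-relative input.
  return new URL(url, 'http://placeholder.invalid').host;
}

// Model of the behaviour reported in the thread: a request without a host
// always receives the token, whatever the whitelist says.
function decideLegacy(url: string, whitelist: string[]): Decision {
  const host = explicitHost(url);
  return { host, attach: host === null || whitelist.indexOf(host) !== -1 };
}

// Model of the proposed behaviour: a relative URL takes the page's host and
// the whitelist decides. With no page host (server-side), fail closed.
function decideResolved(url: string, whitelist: string[], pageHost?: string): Decision {
  const host = explicitHost(url) ?? pageHost ?? null;
  return { host, attach: host !== null && whitelist.indexOf(host) !== -1 };
}

// Constructed sample requests: a relative API path and an absolute bucket URL.
const samples = ['/api/download/42', 'https://example-bucket.s3.amazonaws.com/report.pdf'];
for (const url of samples) {
  for (const whitelist of [[], ['app.example.com']] as string[][]) {
    console.log(url, JSON.stringify(whitelist),
      'legacy:', decideLegacy(url, whitelist).attach,
      'resolved:', decideResolved(url, whitelist, 'app.example.com').attach);
  }
}
```

With an empty whitelist the legacy model still attaches the token to `/api/download/42` while the resolved model does not, so callers that rely on relative URLs have to list their own host once the fallback is in place.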
Successfully merging this pull request may close these issues.

No host causes requests to set JWT