Extend manageCookies from issue 1649 for web apps #1692

Open
v-krupsky opened this issue Oct 15, 2024 · 2 comments

@v-krupsky

Context: if a cookie is provided by the API requested from Ensemble, it is not stored by the browser.

Sample request and response headers are below (body does not matter).
Flutter web being run on port 9000.
FastAPI BE being run on port 8000.

Request headers:

GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Host: local.example.com:8000
Origin: https://local.example.com:9000
Referer: https://local.example.com:9000/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="129", "Not=A?Brand";v="8", "Chromium";v="129"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"

Response headers:

HTTP/1.1 200 OK
date: Tue, 15 Oct 2024 04:28:53 GMT
server: uvicorn
content-length: 26
content-type: application/json
set-cookie: session=660a7ec4-6c58-4394-ab98-e75923c23a11; Domain=example.com; HttpOnly; Path=/; SameSite=lax; Secure
access-control-allow-origin: https://local.example.com:9000
access-control-allow-credentials: true
access-control-allow-methods: *
access-control-allow-headers: *

Suggestion: extend manageCookies from issue #1649 for web apps to the following behaviour:
When manageCookies is true, include withCredentials = true when making API requests.

Plain JS example:
fetch('https://example.com/', {
  credentials: 'include'
});

@v-krupsky

I've checked the proposed fix (withCredentials=true) by modifying http package source to make
bool withCredentials = true;
and it does solve the issue. Browser stores the cookie, it appears in requests to the API.

@kmahmood74 kmahmood74 added the enhancement New feature or request label Oct 15, 2024
@github-project-automation github-project-automation bot moved this to Backlog in Ensemble Oct 15, 2024
@kmahmood74 kmahmood74 moved this from Backlog to Ready for Work in Ensemble Oct 15, 2024
@kmahmood74

kmahmood74 commented Oct 15, 2024

Hi @TheNoumanDev, Ivan found an important issue with handling cookies from different domains that we should resolve. The http flutter package we use does not support it. So we either use a different package or enhance it a bit to support it.

Here's a long discussion on this and a neat solution someone provided

We basically need to do two things -

  1. Expose a property withCredentials (default: false) in our API definition. Read that (if set) to set the value of withCredentials.
  2. Expose an environment variable allowCrossDomainCookies. When set to true, it will automatically set withCredentials to true for all API calls. That way the user doesn't have to remember to set it every time.

@kmahmood74 kmahmood74 assigned TheNoumanDev and unassigned snehmehta Oct 15, 2024
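
Added example, not part of the thread or of Ensemble's code: once requests go out with credentials included, the browser applies stricter CORS rules to the response, and this sketch audits the response headers quoted in the issue against them. The function names are hypothetical and the session value is replaced with a placeholder.

```javascript
// Added example, not Ensemble code. Function names are hypothetical; the
// sample headers are the ones quoted in this issue (session value replaced).

// Lower-case header names and trim values so lookups are uniform.
function normalize(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v).trim()]));
}

// Audits the response to a fetch made with credentials: 'include'.
// problems: the browser fails the CORS check for a credentialed request.
// warnings: passes here, but breaks on preflighted or cross-site calls.
function auditCredentialedResponse(requestHeaders, responseHeaders) {
  const req = normalize(requestHeaders);
  const res = normalize(responseHeaders);
  const problems = [];
  const warnings = [];
  const allowOrigin = res['access-control-allow-origin'];
  if (allowOrigin === '*') {
    problems.push('allow-origin "*" is refused when credentials are included');
  } else if (allowOrigin !== req['origin']) {
    problems.push('allow-origin does not equal the request Origin');
  }
  if (res['access-control-allow-credentials'] !== 'true') {
    problems.push('allow-credentials must be the exact string "true"');
  }
  for (const name of ['access-control-allow-methods', 'access-control-allow-headers']) {
    if (res[name] === '*') {
      warnings.push(name + ': "*" is a literal, not a wildcard, with credentials');
    }
  }
  // SameSite=Lax/Strict cookies are not attached to cross-site fetch calls.
  const cookie = res['set-cookie'];
  const attrs = (cookie || '').toLowerCase().split(';').map((s) => s.trim());
  if (cookie && req['sec-fetch-site'] === 'cross-site' && !attrs.includes('samesite=none')) {
    warnings.push('cookie needs SameSite=None; Secure to be sent cross-site');
  }
  return { accepted: problems.length === 0, problems, warnings };
}

const sampleRequest = { Origin: 'https://local.example.com:9000', 'Sec-Fetch-Site': 'same-site' };
const sampleResponse = {
  'set-cookie': 'session=PLACEHOLDER; Domain=example.com; HttpOnly; Path=/; SameSite=lax; Secure',
  'access-control-allow-origin': 'https://local.example.com:9000',
  'access-control-allow-credentials': 'true',
  'access-control-allow-methods': '*',
  'access-control-allow-headers': '*',
};
console.log(auditCredentialedResponse(sampleRequest, sampleResponse));
```

The sample response passes for the simple GET shown, but the two `*` values would stop matching as soon as a credentialed request needs a preflight, so the backend should list methods and headers explicitly.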