AstroAuthHandler attempts to modify immutable headers #65

Closed
tueborabrian opened this issue Feb 17, 2024 · 4 comments

@tueborabrian

Using Credentials Provider with auth-astro along with the default signin page to handle authentication against an existing API that returns a cookie. This invokes AstroAuthHandler in server.ts, which attempts to extract cookies from the included with the response provided by the call to Auth. This causes a CredentialsSignin error because the attempt to delete the set-cookie header fails due to the headers being immutable.

I think this can be fixed by extracting the headers into a new object, extracting the cookies and removing the set-cookie header, and then creating a new response with the returned body and modified headers.

I patched the module in my local environment and it seems to work:

function AstroAuthHandler(prefix: string, options = authConfig) {
	return async ({ cookies, request }: APIContext) => {
		const url = new URL(request.url)
		const action = url.pathname.slice(prefix.length + 1).split('/')[0] as AuthAction

		if (!actions.includes(action) || !url.pathname.startsWith(prefix + '/')) return

		const res = await Auth(request, options)
		if (['callback', 'signin', 'signout'].includes(action)) {
			// Properly handle multiple Set-Cookie headers (they can't be concatenated in one)
			const headers = new Headers(res.headers)
			headers.getSetCookie().forEach((cookie) => {
				const { name, value, ...options } = parseString(cookie)
				// Astro's typings are more explicit than @types/set-cookie-parser for sameSite
				cookies.set(name, value, options as Parameters<(typeof cookies)['set']>[2])
			})
			headers.delete('Set-Cookie')
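			// Keep the original status and statusText; the Response constructor defaults to 200
			return new Response(res.body, { status: res.status, statusText: res.statusText, headers })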
		}
		return res
	}
}

I hope to submit a PR with this fix as soon as I get the module built in my environment so I can run tests.
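
An added example, not part of the original issue and not auth-astro's own code: the copy-and-rebuild approach described in this post, written against the standard Fetch API objects in Node 18.14 or later. The names `isImmutable`, `stripSetCookies` and `sampleAuthResponse`, the probe header name, and the cookie values are assumptions made for illustration; `Response.redirect` is used only as an offline source of a response whose headers are immutable.

```javascript
// True when a Headers object rejects mutation (the Fetch "immutable" guard).
// The guard is checked before the header lookup, so deleting an absent
// header is enough to trigger it and changes nothing on mutable headers.
function isImmutable(headers) {
  try {
    headers.delete('x-probe-header'); // hypothetical, unused header name
    return false;
  } catch (err) {
    if (err instanceof TypeError) return true;
    throw err;
  }
}

// Copy the headers, hand every Set-Cookie value to `onCookie`, and return a
// new Response without Set-Cookie. The original response is never mutated.
function stripSetCookies(res, onCookie) {
  const headers = new Headers(res.headers); // the copy carries no guard
  for (const cookie of headers.getSetCookie()) onCookie(cookie);
  headers.delete('set-cookie');
  // Carry status and statusText over: the Response constructor defaults to
  // 200, which would turn a 302 from a callback into a plain 200.
  return new Response(res.body, {
    status: res.status,
    statusText: res.statusText,
    headers,
  });
}

// Constructed sample: a redirect that sets two cookies. Set-Cookie values
// cannot be merged into one header, so they are appended one by one.
function sampleAuthResponse() {
  const headers = new Headers({ location: 'https://app.example.test/' });
  headers.append('set-cookie', 'session=abc; Path=/; HttpOnly');
  headers.append('set-cookie', 'csrf=def; Path=/');
  return new Response(null, { status: 302, headers });
}

const demoCookies = [];
const demoOut = stripSetCookies(sampleAuthResponse(), (c) => demoCookies.push(c));
console.log(demoOut.status, demoCookies, demoOut.headers.getSetCookie());
console.log(isImmutable(Response.redirect('https://app.example.test/').headers));
```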

@tueborabrian
Author

Nevermind. I guess I was doing something wrong in my configuration. Everything is working now.

tueborabrian closed this as not planned on Feb 20, 2024
@taciturnaxolotl
Contributor

Did you figure out what you were doing wrong? I'm having this same issue with the Slack integration.

@jimlundblad

jimlundblad commented May 19, 2024

Did you figure out what was wrong? I am getting the same error.

Stack trace: TypeError: immutable at _Headers.delete (node:internal/deps/undici/undici:2356:17)

It's the bare minimum setup:

import Auth0 from "@auth/core/providers/auth0"

export default {
    providers: [
        Auth0({
            clientId: import.meta.env.AUTH0_ID,
            clientSecret: import.meta.env.AUTH0_SECRET,
            issuer: `https://${import.meta.env.AUTH0_DOMAIN}`
        })
    ]
}

Nevermind. I guess I was doing something wrong in my configuration. Everything is working now.

@taciturnaxolotl
Contributor

I was able to fix it for me by adding a few config options as described here: #58 (comment). I hope that works for you!
