-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix fetchHttpClient issue with redirects #21051
Conversation
Browsers expect to handle redirects automatically when using fetch, much like XMLHttpRequest's default behavior. The fact that fetch() lets you set a "manual" mode, isn't intended for common use, but rather for a specific Service Worker scenario. The response sent back is heavily redacted and contains neither the true status or any HTTP headers from the response.
@@ -75,7 +75,6 @@ async function makeRequest(request: PipelineRequest): Promise<PipelineResponse> | |||
headers: headers, | |||
signal: abortController.signal, | |||
credentials: request.withCredentials ? "include" : "same-origin", | |||
redirect: "manual", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Allowing Fetch to automatically handle redirects means that our redirectPolicy
will never kick in for browsers right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If that's the behavior we want, I think it would be worth adding a comment in the redirect policy mentioning this, it would save future us a headache trying to debug redirects and realize later that Fetch is handling it for us
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, the policy won't kick in, but it won't kick in now since we get back status: 0
and no headers. I'll add a comment here too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Interesting, thanks for linking to the context!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Jeff!!!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This makes sense.
revert remaining readonly on collection (Azure#21051)
[2022-04-01-preview] Add New Api-version for Microsoft.ApiManagement (Azure#20399) * Adds base for updating Microsoft.ApiManagement from version preview/2021-12-01-preview to version 2022-04-01-preview * Updates readme * Updates API version in new specs and examples * APIM Auth Servers (Azure#19234) * APIM Auth Servers * adding x-ms-identifiers * removing some weird, invisible special char * formatting * oAuth2AuthenticationSettings moved to AuthSettings * Formatting Co-authored-by: Milan Zolota <[email protected]> * API Management Authorization Endpoints (Azure#19615) * Add blockchain to latest profile * Add additional types * add authorizations definitions * authorizations operations * add examples * update readme * fix examples * fix linter delete errors * address CI validation errors * prettier fix * update to 2022-04 * fix readme * Update specification/apimanagement/resource-manager/Microsoft.ApiManagement/preview/2022-04-01-preview/apimauthorizationproviders.json Co-authored-by: Sean Kim <[email protected]> * update versions * Apply suggestions from code review Co-authored-by: Mark Cowlishaw <[email protected]> Co-authored-by: Annaji Sharma Ganti <[email protected]> Co-authored-by: Annaji Sharma Ganti <[email protected]> * Move Long running Create Operation from Location based to Azure-AsyncOperation Header (Azure#19733) * azure-asyncOperation * prettier * fix(apim): Add missing 'metrics' property to diagnostics contract in 2022-04-01-preview (Azure#20317) * apim /PUT apis import add translateRequiredQueryParameters (Azure#20333) * [2022-04-01-preview] Replace resource with proxyresource and TrackedResource (Azure#20461) * replace resource with proxyresource * revert to proxyresource * Add type object to authorization definitions (Azure#20631) Authorization definitions were missing "type": "object", and this change adds that key/value pair * Add type object to policy fragment definition (Azure#20585) * APIM Open ID Connect providers (Azure#20622) * APIM Open ID Connect providers * added new proeprties for update * prettier * [APIM] Add Nat Gateway (Azure#19990) * Update apimdeployment.json * Create ApiManagementCreateServiceWithNatGatewayEnabled.json * fix typo in file * Change Nat Gateway property to enum * modify type of natgateway state * update property name * add example reference * small fix in example * rename to outboundPublicIPAddresses Co-authored-by: Samir Solanki <[email protected]> * [2022-04-01-preview] MIgrate2Stv2 API (Azure#20504) * migrate2stv2 * updated to post * 202 and location * add body to 202 * remove body from 202 Co-authored-by: Vatsa Patel <[email protected]> Co-authored-by: Samir Solanki <[email protected]> Co-authored-by: [email protected] <[email protected]> * Address Authorizations MissingTypeObject errors (Azure#20919) * Add forgotten If-Match header (Azure#20920) * Add forgotten If-Match header `If-Match` header for the `DeleteAuthorizationAccessPolicy.json file` was forgotten. This change adds the wildcard character for the `If-Match` header for that file. * Update ApiManagementDeleteAuthorization.json * Use common types for specs and count as readonly (Azure#21023) * common types * count readonly * Sasolank/more review comments (Azure#21025) * XML * proxy to gateway * Update Authorizations Spec (Azure#21027) * Update definitions.json Update wording for PostGetLoginLink endpoint description * Update apimauthorizationproviders.json Add 201 response to all Authorization PUT requests * Updated examples and fixed formatting There was a formatting issue within apimauthorizationproviders.json, and the Authorization examples needed to be updated with the new 201 responses for creating/updating Authorization entities. * Add long-running-operation key/value Added x-ms-long-running-operation: true to Authorization PUT requests * Remove long-running-operations * readonly revert (Azure#21050) * Set SchemaContract.Document as required. (Azure#20110) * Updated documentation of the SchemaContract. Server use to return code 500 in case SchemaContract.Document is null. That issue was fixed in the APIM and server will return proper response code. * Fix AzureApiValidation * update field with properties * revert remaining readonly on collection (Azure#21051) * Change to camel casing for "accesspolicies" (Azure#21070) * Change to camel casing for "accesspolicies" * More camel casing updates for access policies * list example fixed (Azure#21089) * fix definition (Azure#21110) * upgrade to v3 for common types (Azure#21109) * upgrade to v3 * Space * revert to v2 proxyResource Co-authored-by: Milan Zolota <[email protected]> Co-authored-by: Milan Zolota <[email protected]> Co-authored-by: Sean D Kim <[email protected]> Co-authored-by: Mark Cowlishaw <[email protected]> Co-authored-by: Annaji Sharma Ganti <[email protected]> Co-authored-by: Annaji Sharma Ganti <[email protected]> Co-authored-by: Tom Kerkhove <[email protected]> Co-authored-by: Korolev Dmitry <[email protected]> Co-authored-by: Logan Zipkes <[email protected]> Co-authored-by: Rafał Mielowski <[email protected]> Co-authored-by: malincrist <[email protected]> Co-authored-by: GuanchenIntern <[email protected]> Co-authored-by: VatsaPatel <[email protected]> Co-authored-by: Vatsa Patel <[email protected]> Co-authored-by: [email protected] <[email protected]> Co-authored-by: Maxim Agapov <[email protected]>
Browsers expect to handle redirects automatically when using fetch, much like XMLHttpRequest's default behavior.
The fact that fetch() lets you set a "manual" mode, isn't intended for common use, but rather for a specific Service Worker scenario. The response sent back is heavily redacted and contains neither the true status or any HTTP headers from the response.
Some more context: https://stackoverflow.com/questions/42716082/fetch-api-whats-the-use-of-redirect-manual/42717388
Since this is blocking redirect scenarios, I think we should release another hotfix after @sarangan12 validates it against our AutoRest collateral.