fix: avoid redirect loops when axios calls an unauthorized API #6450

Merged
merged 4 commits into from
Dec 13, 2024


elevatebart
Contributor

When axios calls an API that it is not supposed to have access to, it immediately supposes that the JWT is expired.

It requests a refresh of the token and retries the request, which in turn returns 401 Unauthorized.

And it requests a new token refresh.

This loop goes on until the browser crashes.

@elevatebart elevatebart added the kind/do-not-merge Don't merge label Dec 13, 2024
@elevatebart
Contributor Author

elevatebart commented Dec 13, 2024

I still have not been able to test it out.

[EDIT] tested and approved

Member

@MilosPaunovic MilosPaunovic left a comment


I've tested it by inviting a new user with email only (no groups or access added), then accepted the invite in a different (private) window, and it logged me in properly as a user with no permission (which is expected) and showed me the Blueprints, Plugins and Settings pages in the left menu, which is also expected.

When I changed the URL manually to ui/dashboard it redirected me to the 403 page, so also expected.

@elevatebart elevatebart merged commit ed264a5 into develop Dec 13, 2024
2 checks passed
@elevatebart elevatebart deleted the fix/redirect-loop branch December 13, 2024 11:33
elevatebart added a commit that referenced this pull request Dec 13, 2024
* fix: avoid redirect loops when axios calls an unauthorized API

* use the proper structure for axios

* protect against empty request data
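
The loop described in the pull request description, and one way to bound it, as an added example (not the project's code or the merged fix): a response-error handler that refreshes the token and retries a request at most once. `refreshToken`, `resend`, `makeStub`, `request` and the `_retried` flag are hypothetical names, and the stub backend is constructed.

```javascript
// Added example. refreshToken, resend and _retried are hypothetical names;
// the error shape (error.response.status, error.config) follows axios errors.
function makeAuthErrorHandler({ refreshToken, resend }) {
  return async function onResponseError(error) {
    const status = error && error.response ? error.response.status : undefined;
    const config = error ? error.config : undefined;
    // No response or no request config (e.g. network failure): nothing to retry.
    if (status !== 401 || !config) throw error;
    // A 401 on the retried request means the fresh token is still rejected:
    // the caller lacks permission, so surface the error instead of looping.
    if (config._retried) throw error;
    config._retried = true;
    await refreshToken();
    try {
      return await resend(config);
    } catch (retryError) {
      return onResponseError(retryError); // same guard applies to the retry
    }
  };
}

// Constructed stub backend: /api/forbidden always answers 401,
// any other URL answers 401 until the token has been refreshed.
function makeStub() {
  const calls = { refresh: 0, sent: 0 };
  let tokenFresh = false;
  const resend = async (config) => {
    calls.sent += 1;
    if (config.url === "/api/forbidden" || !tokenFresh) {
      throw { response: { status: 401 }, config };
    }
    return { status: 200, config };
  };
  const refreshToken = async () => { calls.refresh += 1; tokenFresh = true; };
  return { calls, resend, refreshToken };
}

// Sends one request through the handler and reports what happened.
async function request(url) {
  const stub = makeStub();
  const onError = makeAuthErrorHandler(stub);
  try {
    const res = await stub.resend({ url }).catch(onError);
    return { outcome: res.status, ...stub.calls };
  } catch (e) {
    return { outcome: e.response.status, ...stub.calls };
  }
}
```

With the guard, the forbidden endpoint costs one refresh and two sends before the 401 reaches the caller, while a genuinely expired token still recovers transparently.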