fix(core): preserve incoming set cookies #6029
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 1 Ignored Deployment
|
balazsorban44
temporarily deployed
to
Preview
GitHub Actions
Inactive
|
🎉 Experimental release published 📦️ on npm! pnpm add [email protected]yarn add [email protected]npm i [email protected] |
balazsorban44
had a problem deploying
to
Preview
GitHub Actions
Failure
ThangHuuVu
pushed a commit
to ThangHuuVu/next-auth
that referenced
this pull request
Dec 12, 2022
* fix(core): properly construct url (nextauthjs#5984) * chore(release): bump package version(s) [skip ci] * fix(core): add protocol if missing * fix(core): throw error if no action can be determined * test(core): fix test * chore(release): bump package version(s) [skip ci] * chore(docs): add new tutorial (nextauthjs#5604) Co-authored-by: Nico Domino <[email protected]> * fix(core): handle `Request` -> `Response` regressions (nextauthjs#5991) * fix(next): don't override `Content-Type` by `unstable_getServerSession` * fix(core): handle `,` while setting `set-cookie` * chore(release): bump package version(s) [skip ci] * fix(sequelize): increase sequelize `id_token` column length (nextauthjs#5929) Co-authored-by: Nico Domino <[email protected]> * fix(core): correct status code when returning redirects (nextauthjs#6004) * fix(core): correctly set status when returning redirect * update tests * forward other headers * update test * remove default 200 status * fix(core): host detection/NEXTAUTH_URL (nextauthjs#6007) * rename `host` to `origin` internally * rename `userOptions` to `authOptions` internally * use object for `headers` internally * default `method` to GET * simplify `unstable_getServerSession` * allow optional headers * revert middleware * wip getURL * revert host detection * use old `detectHost` * fix/add some tests wip * move more to core, refactor getURL * better type auth actions * fix custom path support (w/ api/auth) * add `getURL` tests * fix email tests * fix assert tests * custom base without api/auth, with trailing slash * remove parseUrl from assert.ts * return 400 when wrong url * fix tests * refactor * fix protocol in dev * fix tests * fix custom url handling * add todo comments * chore(release): bump package version(s) [skip ci] * update lock file * fix(next): correctly bundle next-auth/middleware fixes nextauthjs#6025 * fix(core): preserve incoming set cookies (nextauthjs#6029) * fix(core): preserve `set-cookie` by the user * add test * improve req/res mocking * refactor * fix comment typo * chore(release): bump package version(s) [skip ci] * make logos optional * sync with `next-auth` * clean up `next-auth/edge` * sync Co-authored-by: Balázs Orbán <[email protected]> Co-authored-by: Thomas Desmond <[email protected]> Co-authored-by: Nico Domino <[email protected]> Co-authored-by: Cyril Perraud <[email protected]>
balazsorban44
added a commit
that referenced
this pull request
Dec 13, 2022
* WIP use `Request` and `Response` for core * bump Next.js * rename ts types * refactor * simplify * upgrade Next.js * implement body reader * use `Request`/`Response` in `next-auth/next` * make linter happy * revert * fix tests * remove workaround for middleware return type * return session in protected api route example * don't export internal handler * fall back host to localhost * refactor `getBody` * refactor `next-auth/next` * chore: add `@edge-runtime/jest-environment` * fix tests, using Node 18 as runtime * fix test * remove patch * upgrade/add dependencies * type and default import on one line * don't import all adapters by default in dev * simplify internal endpoint config Instead of passing url and params around as a string and an object, we parse them into a `URL` instance. * assert if both endpoint and issuer config is missing * allow internal redirect to be `URL` * mark clientId as always internally, fix comments * add web-compatible authorization URL handling * fix type * fix neo4j build * remove new-line * reduce file changes in the PR * simplify types * refactor `crypto` usage In Node.js, inject `globalThis.crypto` instead of import * add `next-auth/web` * refactor * send header instead of body to indicate redirect response * fix eslint * fix tests * chore: upgrade dep * fix import * refactor: more renames * wip core * support OIDC * remove `openid-client` * temprarily remove duplicate logos * revert * move redirect logic to core * feat: add sveltekit auth * wip fix css * revert Logo component * output ESM * fix logout * deprecate OAuth 1, simplify internals, improve defaults * refactor providers, test facebook * fix providers * target es2020 * fix CSS * fix AuthHandler, add getServerSession * update lock file * make logos optional * sync with `next-auth` * clean up `next-auth/edge` * sync * Sync (#2) * fix(core): properly construct url (#5984) * chore(release): bump package version(s) [skip ci] * fix(core): add protocol if missing * fix(core): throw error if no action can be determined * test(core): fix test * chore(release): bump package version(s) [skip ci] * chore(docs): add new tutorial (#5604) Co-authored-by: Nico Domino <[email protected]> * fix(core): handle `Request` -> `Response` regressions (#5991) * fix(next): don't override `Content-Type` by `unstable_getServerSession` * fix(core): handle `,` while setting `set-cookie` * chore(release): bump package version(s) [skip ci] * fix(sequelize): increase sequelize `id_token` column length (#5929) Co-authored-by: Nico Domino <[email protected]> * fix(core): correct status code when returning redirects (#6004) * fix(core): correctly set status when returning redirect * update tests * forward other headers * update test * remove default 200 status * fix(core): host detection/NEXTAUTH_URL (#6007) * rename `host` to `origin` internally * rename `userOptions` to `authOptions` internally * use object for `headers` internally * default `method` to GET * simplify `unstable_getServerSession` * allow optional headers * revert middleware * wip getURL * revert host detection * use old `detectHost` * fix/add some tests wip * move more to core, refactor getURL * better type auth actions * fix custom path support (w/ api/auth) * add `getURL` tests * fix email tests * fix assert tests * custom base without api/auth, with trailing slash * remove parseUrl from assert.ts * return 400 when wrong url * fix tests * refactor * fix protocol in dev * fix tests * fix custom url handling * add todo comments * chore(release): bump package version(s) [skip ci] * update lock file * fix(next): correctly bundle next-auth/middleware fixes #6025 * fix(core): preserve incoming set cookies (#6029) * fix(core): preserve `set-cookie` by the user * add test * improve req/res mocking * refactor * fix comment typo * chore(release): bump package version(s) [skip ci] * make logos optional * sync with `next-auth` * clean up `next-auth/edge` * sync Co-authored-by: Balázs Orbán <[email protected]> Co-authored-by: Thomas Desmond <[email protected]> Co-authored-by: Nico Domino <[email protected]> Co-authored-by: Cyril Perraud <[email protected]> * merge * clean up sveltekit auth handler * upgrade playground to latest * upgrade sveltekit auth to latest * Some more refactoring * feat: extract type to core and reuse in sveltekit * remove uuid * make secret required in dev * remove todo comments * pass through OAuth client options * generate declaration map * default env secret to AUTH_SECRET * temporary Headers fix * move pages to lib * move errors to lib * move pages/index to lib * move routes to lib * move init to lib * move styles to lib * move types to lib * move utils to lib * fix imports * update ignore/clean patterns * fix imports * update styles ts * update gitignore * update exports field * revert `next-auth` * remove extra tsconfig files * remove `private` from package.json * revert * feat sveltekit * commit * remove unused file, expose type * remove nextauth_url, memoize locals.getSession * move to dependency * fix * format * fix post build * simplify * fix lock file * add packages/frameworks * update package.json * update gitignore * Delete .gitignore * Update types.ts * Update tsconfig.dev.json * skip test * format * skip format/lint Co-authored-by: Balázs Orbán <[email protected]> Co-authored-by: Balázs Orbán <[email protected]> Co-authored-by: Thomas Desmond <[email protected]> Co-authored-by: Nico Domino <[email protected]> Co-authored-by: Cyril Perraud <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Via Advanced Initialization, the user is able to add their own cookies through the
set-cookieheader, and we should preserve those.Fixes #6023