Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure Static Web Apps, with Authentication, WASM fails #875

Closed
mikeirvingweb opened this issue Jul 17, 2024 · 2 comments · Fixed by #877
Closed

Azure Static Web Apps, with Authentication, WASM fails #875

mikeirvingweb opened this issue Jul 17, 2024 · 2 comments · Fixed by #877
Labels
difficulty/tbd kind/bug triage/untriaged

Comments

@mikeirvingweb
Copy link
Contributor

Current behavior

If you deploy to Azure Static Web Apps (a working Uno Platform WASM app)

then turn on basic "Password protection" authentication ("Standard" hosting required)
Screenshot 2024-07-17 at 16 10 17

then reload your app (maybe open an Incognito / Private window, for a fully fresh experience)

you will get the Azure login screen
Screenshot 2024-07-17 at 16 13 28

Enter your password, hit Submit

The page starts to load, but hangs.

Open the Dev Tools (F12) and Refresh the page to see what's going on.

In the console. Lots of errors
Screenshot 2024-07-17 at 16 16 02

and in the Network Tab, you will se that lots of the files in the package_ ... folder get issued a 302 redirect back to the authorisation page.
Screenshot 2024-07-17 at 16 19 40

If you request one of these files in a Fresh browser tab, it works
Screenshot 2024-07-17 at 16 22 03
Screenshot 2024-07-17 at 16 22 38

This is because the fresh request can see the Auth cookie.

But the Framed / Embedded request cannot.

Here is the Azure Static Web Apps Cookie - see Application Tab in Developer Tools
Screenshot 2024-07-17 at 16 24 17

This seems like a Browser security issue
see: https://stackoverflow.com/questions/68788202/page-within-iframe-not-seeing-its-own-cookies

--

I have tried various settings in my staticwebapp.config.json file to try to alleviate this, namely:

  • trying to set some content as "allowedRoles": "authenticated", some as "allowedRoles": "anonymous"
  • adding various CSP and CORS headers
Screenshot 2024-07-17 at 16 28 06

to no resolution.

--

it would appear, given the browser security settings, this would happen on other web hosting services that are looking for a cookie too.

Any suggestions?

Expected behavior

a WASM deployed app would work, behind authentication

How to reproduce it (as minimally and precisely as possible)

No response

Workaround

No response

Works on UWP/WinUI

Yes

Environment

No response

NuGet package version(s)

No response

Affected platforms

WebAssembly

IDE

No response

IDE version

No response

Relevant plugins

No response

Anything else we need to know?

No response
@mikeirvingweb
Copy link
Contributor Author

p.s. I feel this would happen behind any form of authentication that is failing due to cookie access.

@jeromelaban jeromelaban transferred this issue from unoplatform/uno Jul 19, 2024
@jeromelaban
Copy link
Member

Thanks for the report. It is likely that the .NET runtime is not propagating the required cookies for authentication to work properly.

We're using this:

Uno.Wasm.Bootstrap/src/Uno.Wasm.Bootstrap/ts/Uno/WebAssembly/Bootstrapper.ts

Line 570 in 6ee09b0

return fetch(asset);

to fetch the runtime's assets, but it may not be enough to get everything through.

@mikeirvingweb mikeirvingweb mentioned this issue Jul 19, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
difficulty/tbd kind/bug triage/untriaged
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: pass same-origin credentials - fixes #875 mikeirvingweb/Uno.Wasm.Bootstrap
2 participants
@jeromelaban @mikeirvingweb