Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(adapter-nextjs): set cookie secure: false with non-SSL domain #13841

Open
wants to merge 1 commit into
base: hui/fix/adapter-nextjs/5-handler-type-def
Choose a base branch
from
Open

feat(adapter-nextjs): set cookie secure: false with non-SSL domain #13841

wants to merge 1 commit into from

Conversation

HuiSF
Copy link
Member

@HuiSF HuiSF commented Sep 23, 2024

Description of changes

  1. Set secure: false with non-SSL domains
  2. Add validation of the origin string

Issue #, if available

Description of how you validated changes

  • Unit tests

Checklist

  • PR description included
  • yarn test passes
  • Unit Tests are changed or added
  • Relevant documentation is changed or added (and PR referenced)

Checklist for repo maintainers

  • Verify E2E tests for existing workflows are working as expected or add E2E tests for newly added workflows
  • New source file paths included in this PR have been added to CODEOWNERS, if appropriate

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@HuiSF HuiSF force-pushed the hui/fix/adapter-nextjs/5-handler-type-def branch from 7a35370 to 0779333 Compare October 1, 2024 23:03
@HuiSF HuiSF requested a review from a team as a code owner October 1, 2024 23:03
@HuiSF HuiSF force-pushed the hui/feat/adapter-nextjs/6-secure-for-non-ssl branch from 6edd287 to 72693a6 Compare October 1, 2024 23:04
AllanZhengYP
AllanZhengYP approved these changes Oct 14, 2024
View reviewed changes
packages/adapter-nextjs/src/auth/utils/isValidOrigin.ts

// a regular expression that validates the origin string to be any valid origin, and allowing local development localhost
const originRegex =
/^(http:\/\/localhost(:\d{1,5})?)|(https?:\/\/[a-z0-9-]+(\.[a-z0-9-]+)*(:\d{1,5})?)$/;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this regex sourced from any spec? If so, it'd be better to attach the source.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jjarvisp jjarvisp jjarvisp approved these changes

@AllanZhengYP AllanZhengYP AllanZhengYP approved these changes

@ukhan-amazon ukhan-amazon Awaiting requested review from ukhan-amazon

@haverchuck haverchuck Awaiting requested review from haverchuck haverchuck is a code owner

@cshfang cshfang Awaiting requested review from cshfang cshfang is a code owner

@jimblanc jimblanc Awaiting requested review from jimblanc

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@HuiSF @AllanZhengYP @jjarvisp