fix(cookieAuth): prefer issuing cookies against target host instead of origin

Signed-off-by: Phil Kuang <pkuang@factset.com>
Phil Kuang
2024-04-09 17:48:36 -04:00
parent 96b23786f6
commit 2c50516d51
2 changed files with 6 additions and 1 deletions
+5
@@ -0,0 +1,5 @@
---
'@backstage/backend-app-api': patch
---
Fix auth cookie issuance for split backend deployments by preferring to set it against the request target host instead of origin
@@ -232,7 +232,7 @@ class DefaultHttpAuthService implements HttpAuthService {
const externalBaseUrlStr = await this.#discovery.getExternalBaseUrl(
this.#pluginId,
);
const externalBaseUrl = new URL(origin ?? externalBaseUrlStr);
const externalBaseUrl = new URL(externalBaseUrlStr ?? origin);
const secure =
externalBaseUrl.protocol === 'https:' ||