@adobe/helix-html-pipeline 3.5.0 → 3.6.0
- package/CHANGELOG.md +7 -0
- package/package.json +1 -1
- package/src/utils/auth-cookie.js +4 -4
- package/src/utils/auth.js +5 -4
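--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,3 +1,10 @@
+# [3.6.0](https://github.com/adobe/helix-html-pipeline/compare/v3.5.0...v3.6.0) (2022-10-27)
+
+
+### Features
+
+* also support x-fwd-scheme ([#172](https://github.com/adobe/helix-html-pipeline/issues/172)) ([845a5a0](https://github.com/adobe/helix-html-pipeline/commit/845a5a0dada33a3950ffed4f7d6a52090fa6de9a))
+
 # [3.5.0](https://github.com/adobe/helix-html-pipeline/compare/v3.4.6...v3.5.0) (2022-10-26)
 
 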
package/package.json
CHANGED
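--- a/package/src/utils/auth-cookie.js
+++ b/package/src/utils/auth-cookie.js
@@ -11,21 +11,21 @@
 */
 import { parse, serialize } from 'cookie';
 
-export function clearAuthCookie() {
+export function clearAuthCookie(secure) {
 return serialize('hlx-auth-token', '', {
 path: '/',
 httpOnly: true,
-secure
+secure,
 expires: new Date(0),
 sameSite: 'lax',
 });
 }
 
-export function setAuthCookie(idToken) {
+export function setAuthCookie(idToken, secure) {
 return serialize('hlx-auth-token', idToken, {
 path: '/',
 httpOnly: true,
-secure
+secure,
 sameSite: 'lax',
 });
 }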
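Review bot: The new `secure` parameter has no default in `clearAuthCookie(secure)` or `setAuthCookie(idToken, secure)`, so a caller that omits it passes `undefined` and the `hlx-auth-token` cookie is serialized without the Secure attribute. Defaulting the parameter keeps the safe behaviour for any call site that was not updated: `export function setAuthCookie(idToken, secure = true) {`, and the same for `clearAuthCookie`. A short JSDoc on both functions stating that `secure` should be false only when the request is known to be plain HTTP (for example local development) would make the contract explicit.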
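--- a/package/src/utils/auth.js
+++ b/package/src/utils/auth.js
@@ -91,7 +91,8 @@ function getRequestHostAndProto(state, req) {
 if (!host) {
 host = state.config.host;
 }
-
+// fastly overrides the x-forwarded-proto, so we use x-forwarded-scheme
+const proto = req.headers.get('x-forwarded-scheme') || req.headers.get('x-forwarded-proto') || 'https';
 state.log.info(`request host is: ${host} (${proto})`);
 return {
 host,
@@ -218,7 +219,7 @@ export class AuthInfo {
 res.status = 302;
 res.body = '';
 res.headers.set('location', url.href);
-res.headers.set('set-cookie', clearAuthCookie());
+res.headers.set('set-cookie', clearAuthCookie(proto === 'https'));
 res.headers.set('cache-control', 'no-store, private, must-revalidate');
 res.error = 'moved';
 }
@@ -299,12 +300,12 @@ export class AuthInfo {
 // ctx.attributes.authInfo?.withCookieInvalid(false);
 
 const location = state.createExternalLocation(req.params.state.requestPath || '/');
-log.info('[auth] redirecting to
+log.info('[auth] redirecting to original page with hlx-auth-token cookie: ', location);
 res.status = 302;
 res.body = `please go to <a href="${location}">${location}</a>`;
 res.headers.set('location', location);
 res.headers.set('content-tye', 'text/plain');
-res.headers.set('set-cookie', setAuthCookie(idToken));
+res.headers.set('set-cookie', setAuthCookie(idToken, req.params.state.requestProto === 'https'));
 res.headers.set('cache-control', 'no-store, private, must-revalidate');
 res.error = 'moved';
 }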
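Review bot: The Secure attribute of `hlx-auth-token` is now decided by request-supplied values and fails open: the second hunk passes `proto === 'https'` and the third passes `req.params.state.requestProto === 'https'`, so any value that is not exactly `https` (different case, a comma-separated list, or a missing `requestProto`) yields a cookie without Secure. The first hunk reads `proto` from `x-forwarded-scheme`, falling back to `x-forwarded-proto`. Nothing visible here shows that the edge strips a client-sent `x-forwarded-scheme`, or that `req.params.state` is integrity-protected before `requestProto` is trusted. Consider failing closed by normalising the value and dropping Secure only for an explicit plain-HTTP case on a known development host, e.g. `const secure = !(proto.toLowerCase() === 'http' && isLocalDevHost(host));`, where `isLocalDevHost` is a placeholder for whatever check the project uses. The enclosing functions start and end outside these hunks, so where `proto` is defined for the second hunk should be confirmed.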