From 167b5e7e8aa1dda28b92f9a3140602154aa61f80 Mon Sep 17 00:00:00 2001
From: Linus Flood
Date: Mon, 30 Jun 2025 08:29:19 +0000
Subject: [PATCH] Merged in fix/webview-auth (pull request #2469)

feat(SW-3124): webview auth stuck in a refresh loop

* feat(SW-3124): webview auth stuck in a refresh loop

Approved-by: Anton Gunnarsson
---
 apps/scandic-web/middlewares/webView.ts | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/scandic-web/middlewares/webView.ts b/apps/scandic-web/middlewares/webView.ts
index 346687821..1d898606a 100644
--- a/apps/scandic-web/middlewares/webView.ts
+++ b/apps/scandic-web/middlewares/webView.ts
@@ -65,9 +65,10 @@ export const middleware: NextMiddleware = async (request) => {
 }
 )
 }
+ const authorizationToken = request.headers.get("X-Authorization")
+ const webviewTokenCookie = request.cookies.get("webviewToken")

- const webviewToken = request.cookies.get("webviewToken")
- if (webviewToken) {
+ if (webviewTokenCookie && webviewTokenCookie.value === authorizationToken) {
 // since the token exists, this is a subsequent visit
 // we're done, allow it
 return handleWebviewRewrite({
@@ -82,8 +83,7 @@ export const middleware: NextMiddleware = async (request) => {
 try {
 // Authorization header is required for webviews
 // It should be base64 encoded
- const authorization = request.headers.get("X-Authorization")!
- if (!authorization) {
+ if (!authorizationToken) {
 console.error("Authorization header is missing")
 return badRequest("Authorization header is missing")
 }
@@ -99,7 +99,7 @@ export const middleware: NextMiddleware = async (request) => {
 const decryptedData = await decryptData(
 env.WEBVIEW_ENCRYPTION_KEY,
 initializationVector,
- authorization
+ authorizationToken
 )

 headers.append("Cookie", `webviewToken=${decryptedData}`)
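Review bot: The fast path `if (webviewTokenCookie && webviewTokenCookie.value === authorizationToken)` compares two values that both come from the client, so it shows only that cookie and header agree, not that either one ever passed `decryptData`. The last hunk's context writes `webviewToken=${decryptedData}` into the Cookie header; if the browser-side cookie also holds the decrypted value (where it is set is outside this diff), a comparison against the still-encrypted `X-Authorization` could never match and every request would take the decrypt path. I would add a comment on the condition stating which form the cookie stores and where the token is actually validated, for example `// cookie stores the raw X-Authorization value; the token itself is verified in <handler>`, and confirm that `handleWebviewRewrite` does not treat this branch as proof of authentication. The middleware body starts and ends outside the hunk.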
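Review bot: A request that carries a `webviewToken` cookie but no `X-Authorization` header now fails the equality check above (`value === null`) and reaches `if (!authorizationToken)`, which returns 400; before this change the cookie alone let it through. If navigations inside the webview are not guaranteed to resend the custom header, they would trade the refresh loop for a hard failure, so the requirement should be stated next to the check, e.g. `// X-Authorization is required on every request, including subsequent visits`. The existing comment says the header "should be base64 encoded", but nothing visible in this hunk checks that before the value is handed to `decryptData`; the try block continues outside the hunk, so a format check may exist there.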