Merged in fix/webview-auth (pull request #2469)

feat(SW-3124): webview auth stuck in a refresh loop * feat(SW-3124): webview auth stuck in a refresh loop Approved-by: Anton Gunnarsson
2025-06-30 08:29:19 +00:00
parent 07085d02f5
commit 167b5e7e8a
1 changed files with 5 additions and 5 deletions
--- a/apps/scandic-web/middlewares/webView.ts
+++ b/apps/scandic-web/middlewares/webView.ts
@@ -65,9 +65,10 @@ export const middleware: NextMiddleware = async (request) => {
      }
    )
  }
  const authorizationToken = request.headers.get("X-Authorization")
  const webviewTokenCookie = request.cookies.get("webviewToken")
-  const webviewToken = request.cookies.get("webviewToken")
+  if (webviewTokenCookie && webviewTokenCookie.value === authorizationToken) {
  if (webviewToken) {
    // since the token exists, this is a subsequent visit
    // we're done, allow it
    return handleWebviewRewrite({
@@ -82,8 +83,7 @@ export const middleware: NextMiddleware = async (request) => {
  try {
    // Authorization header is required for webviews
    // It should be base64 encoded
-    const authorization = request.headers.get("X-Authorization")!
+    if (!authorizationToken) {
    if (!authorization) {
      console.error("Authorization header is missing")
      return badRequest("Authorization header is missing")
    }
@@ -99,7 +99,7 @@ export const middleware: NextMiddleware = async (request) => {
    const decryptedData = await decryptData(
      env.WEBVIEW_ENCRYPTION_KEY,
      initializationVector,
-      authorization
+      authorizationToken
    )
    headers.append("Cookie", `webviewToken=${decryptedData}`)