Merged in fix/webview-auth-fix-2 (pull request #2834)

feat/webview: delete cookie instead of setting header in webview auth middleware

* feat/webview: delete cookie instead of setting header in webview auth middleware
Linus Flood
2025-09-19 13:05:20 +00:00
parent 9c7904c9e0
commit 9770281863


@@ -51,20 +51,19 @@ export const middleware: NextMiddleware = async (request) => {
// If user is redirected to /lang/webview/refresh/, the webview token is invalid and we remove the cookie // If user is redirected to /lang/webview/refresh/, the webview token is invalid and we remove the cookie
if (refreshWebviews.includes(nextUrl.pathname)) { if (refreshWebviews.includes(nextUrl.pathname)) {
return NextResponse.rewrite( const res = NextResponse.rewrite(
new URL( new URL(
`/${lang}/webview/refresh?${nextUrl.searchParams.toString()}`, `/${lang}/webview/refresh?${nextUrl.searchParams.toString()}`,
nextUrl nextUrl
), ),
{ {
headers: {
"Set-Cookie": `webviewToken=0; Max-Age=0; Secure; HttpOnly; Path=/; SameSite=Strict;`,
},
request: { request: {
headers, headers,
}, },
} }
) )
res.cookies.delete("webviewToken")
return res
} }
const authorizationToken = request.headers.get("X-Authorization") const authorizationToken = request.headers.get("X-Authorization")
const webviewTokenCookie = request.cookies.get("webviewToken") const webviewTokenCookie = request.cookies.get("webviewToken")
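Review bot: `res.cookies.delete("webviewToken")` at the end of the refresh branch only clears the browser's cookie if the expiring `Set-Cookie` it emits matches the Path and Domain the token was originally set with, and the code that sets the cookie is not visible in this hunk. The removed header pinned `Path=/` together with `Secure; HttpOnly; SameSite=Strict`, whereas the helper derives its own attributes, so it is worth confirming the emitted header still targets the same cookie; otherwise an invalid token would stay in the webview and be sent again on the next request. If the installed Next.js version accepts an options object here, `res.cookies.delete({ name: "webviewToken", path: "/" })` makes the scope explicit. A middleware test asserting the `Set-Cookie` header on a response for one of the `refreshWebviews` paths would pin the behaviour. The middleware body starts and continues outside the hunk.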