Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

handle:middleware/auth-express #1436

Open
wants to merge 5 commits into
base: main
Choose a base branch
from

Conversation

admirsaheta
Copy link
Contributor

WHY are these changes introduced?

Fixes #1420

The current implementation of validateAuthenticatedSession does not handle CORS preflight OPTIONS requests properly. These requests are being blocked by the authentication middleware, causing issues with cross-origin resource sharing.

WHAT is this pull request doing?

This pull request introduces handling for preflight OPTIONS requests in the validateAuthenticatedSession middleware. The change ensures that preflight requests bypass authentication checks and respond with the appropriate CORS headers, fixing the issue of blocked preflight requests.

Additionally, TypeScript documentation (TSDoc) has been added to the middleware and related functions to provide clarity on their purpose and functionality.

Changes include:

  • Added a check for OPTIONS requests within the middleware.
  • Responded with the necessary CORS headers and a 200 OK status for preflight requests.
  • Added TSDoc to improve code readability and maintainability.

Type of change

  • Patch: Bug (non-breaking change which fixes an issue)
  • Minor: New feature (non-breaking change which adds functionality)
  • Major: Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

  • I have used pnpm changeset to create a draft changelog entry (do NOT update the CHANGELOG.md files manually)
  • I have added/updated tests for this change
  • I have documented new APIs/updated the documentation for modified APIs (for public APIs)

@admirsaheta admirsaheta requested a review from a team as a code owner August 29, 2024 08:20
Copy link

@noskap noskap left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Copy link
Contributor

@lizkenyon lizkenyon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will need to add tests for this change.

You may want to review the tests for adding the options headers here.

Did you test that post-purchase extension requests now work successfully?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Admin extensions preflight authentication
3 participants