This repository was archived by the owner on Jan 22, 2019. It is now read-only.
Conversation
This commit fixes access token usage by: - Not setting the `authorization` header when requesting from the options page. Chrome suddenly becan rejecting the request in pre-flight checks from hte options page. - _Only_ creating access tokens when the server connection is checked in the options page. - Save the access token ID so we can ensure it still exists on the server.
chrismwendt
approved these changes
Oct 25, 2018
chrismwendt
left a comment
chrismwendt
left a comment
There was a problem hiding this comment.
I mostly skimmed looking at style
src/extension/scripts/background.tsx
Outdated
| for (const key of Object.keys(items.accessTokens)) { | ||
| const val = items.accessTokens[key] | ||
| if (typeof val !== 'string' && val.id && val.token) { | ||
| accessTokens[key] = val |
There was a problem hiding this comment.
Nitpick: key/val are pretty vague - it took me a while to realize that key is the Sourcegraph URL and val is the token.
Co-Authored-By: ijsnow <isaacjsnow@gmail.com>
|
🎉 This PR is included in version 1.18.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The problem: Chrome began rejecting requests from the browser extension options page saying that
authorizationheaders weren't allowed from that origin (the chrome extension bundle ID). This PR fixes that by not using tokens on requests coming from the options page or background script. That change brought about another issue which was simply a result of an architecture decision in the PR that introduces access tokens. The problem is that tokens would never be created since they were done on an as-needed basis at the bottom of the funnel for each request. Right before any request went out, we'd check for a token and if it didn't exist we'd create one. Now, we create a token as soon as the user enters their sourcegraph URL and never again.This commit fixes access token usage by:
Not setting the
authorizationheader whenrequesting from the options page.
Chrome suddenly began rejecting the request in
pre-flight checks from the options page.
Only creating access tokens when the server connection is checked in the
options page.
Save the access token ID so we can ensure it still exists on the
server.
Chrome
Firefox