From 86fe88ce30aa98e2cf270b192325640b2b0fd4ac Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 22 Jun 2026 15:44:29 +0000
Subject: [PATCH] fix(navbar): recognize authenticated users by using credentials include in fetch

Previously, the checkUserAuth function would bail out immediately when the provider_token cookie was not available on the docs subdomain. This meant users who were authenticated on cloud.layer5.io were not recognized on docs.layer5.io, particularly in browsers like Safari with strict cookie policies. The fix adds credentials: 'include' to the fetch request so the browser sends cloud.layer5.io's session cookies with the API call, and removes the early bailout when the local cookie is missing.

Fixes #1112
---
 layouts/partials/navbar.html | 40 +++++++++++++++++++++---------------
 package-lock.json | 30 +++++++++++++--------------
 2 files changed, 39 insertions(+), 31 deletions(-)

diff --git a/layouts/partials/navbar.html b/layouts/partials/navbar.html
index f814aff57ab..efddf103db8 100644
--- a/layouts/partials/navbar.html
+++ b/layouts/partials/navbar.html
@@ -295,23 +295,29 @@ const checkUserAuth = async () => { try { - const token = getCookieValue("provider_token"); - if (!token || token === expiredToken) { // cookie doesn't exist or has expired (due to user logout) - if (isUserAuthenticated) { - showSignInButton(); - isUserAuthenticated = false; - } - throw new Error("missing or expired cookie"); - } - const re = await fetch(`${cloudAppUrl}/api/identity/users/profile`, { + const token = getCookieValue("provider_token"); + + if (token && token === expiredToken) { + throw new Error("expired cookie"); + } + + const fetchOptions = { method: 'GET', - headers: { + credentials: 'include', + }; + + if (token) { + fetchOptions.headers = { 'Authorization': `Bearer ${token}`, - }, - }); + }; + } + + const re = await fetch(`${cloudAppUrl}/api/identity/users/profile`, fetchOptions); - if (re.status === 401) { // cookie has expired - expiredToken = token; + if (re.status === 401) { + if (token) { + expiredToken = token; + } throw new Error("unauthorized"); } if (re.status !== 200) { @@ -322,11 +328,13 @@ updateUI(response); } catch (error) { - // console.error("could not set user details.", error); showSignInButton(); + if (isUserAuthenticated) { + isUserAuthenticated = false; + } } }; - function getAvatarUrl(response) { + function getAvatarUrl(response) { const avatarUrl = response?.avatarUrl; return (typeof avatarUrl === 'string' && avatarUrl.trim()) || ''; diff --git a/package-lock.json b/package-lock.json index 78f5ce407aa..7a86c1657a4 100644 --- a/package-lock.json +++ b/package-lock.json 
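Review bot: `credentials: 'include'` in `fetchOptions` turns the profile call into a credentialed cross-origin request, and nothing in this hunk records what that requires of the API behind `cloudAppUrl`. The browser only exposes the response if that server answers with an exact `Access-Control-Allow-Origin` for the docs origin and `Access-Control-Allow-Credentials: true`; if it does not, `fetch` rejects, the code lands in the catch, and the fix silently does nothing. That allow-list should name origins explicitly rather than echo the request's `Origin`, since every origin it admits can read the profile with the visitor's session. I would add a comment above `fetchOptions`, for example `// credentialed cross-origin request: cloudAppUrl must allow this exact origin and send Access-Control-Allow-Credentials: true`. The body of `checkUserAuth` continues past this hunk.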
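Review bot: The catch block in the second hunk discards `error` with no trace, so a rejected fetch (network or CORS failure) looks the same as a 401, and a misconfigured credentialed request would be hard to notice. A single line such as `console.debug("auth check failed:", error.message);` would keep that visible without logging the token. The guard around the flag is also redundant: `isUserAuthenticated = false;` does the same as the three added lines. The `try` this catch belongs to opens outside the hunk.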
@@ -840,21 +840,6 @@ "url": "https://github.com/sponsors/SuperchupuDev" } }, - "node_modules/typescript": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.2.tgz", - "integrity": "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==", - "dev": true, - "license": "Apache-2.0", - "peer": true, - "bin": { - "tsc": "bin/tsc", - "tsserver": "bin/tsserver" - }, - "engines": { - "node": ">=14.17" - } - }, "node_modules/tinyglobby/node_modules/fdir": { "version": "6.5.0", "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz", @@ -898,6 +883,21 @@ "node": ">=8.0" } }, + "node_modules/typescript": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.2.tgz", + "integrity": "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==", + "dev": true, + "license": "Apache-2.0", + "peer": true, + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, "node_modules/universalify": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz",