fix(toolbar): Strip the protocol from regionUrl to set cookies
ryan953 committed Dec 12, 2024
1 parent a7387f1 commit 80d2111
Showing 1 changed file with 200 additions and 0 deletions.
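--- a/src/sentry/templates/sentry/toolbar/iframe.html
+++ b/src/sentry/templates/sentry/toolbar/iframe.html
@@ -157,6 +157,206 @@
 });
 port1.start();
 
+<<<<<<< Updated upstream
+||||||| Stash base
+return port2;
+}
+
+function getCookieValue(cookie, domain) {
+return `${cookie}; domain=${domain}; path=/; max-age=31536000; SameSite=none; partitioned; secure`;
+}
+
+const loginWindowMessageDispatch = {
+'did-login': ({ cookie, token }) => {
+if (cookie) {
+document.cookie = getCookieValue(cookie, window.location.hostname);
+document.cookie = getCookieValue(cookie, regionUrl);
+log('Saved a cookie', document.cookie.indexOf(cookie) >= 0);
+}
+if (token) {
+localStorage.setItem('accessToken', token);
+log('Saved an accessToken to localStorage');
+}
+if (!cookie && !token) {
+log('Unexpected: No access token found!');
+}
+
+postStateMessage('stale');
+},
+};
+
+const parentWindowMessageDispatch = {
+'request-login': ({ delay_ms }) => {
+const origin = window.location.origin.endsWith('.sentry.io')
+? 'https://sentry.io'
+: window.location.origin;
+
+window.open(
+`${origin}/toolbar/${organizationSlug}/${projectIdOrSlug}/login-success/?delay=${delay_ms ?? '0'}`,
+'sentry-toolbar-auth-popup',
+'popup=true,innerWidth=800,innerHeight=550,noopener=false'
+);
+log('Opened /login-success/', { delay_ms });
+},
+
+'request-logout': () => {
+const cookie = document.cookie.split('=').at(0) + '=';
+document.cookie = getCookieValue(cookie, window.location.hostname);
+document.cookie = getCookieValue(cookie, regionUrl);
+log('Cleared the current cookie');
+
+const accessToken = localStorage.removeItem('accessToken')
+log('Removed accessToken from localStorage');
+
+postStateMessage('stale');
+},
+};
+
+const postMessageDispatch = {
+'log': log,
+
+'fetch': async (path, init) => {
+// If we have an accessToken lets use it. Otherwise we presume a cookie will be set.
+const accessToken = localStorage.getItem('accessToken');
+const bearer = accessToken ? { 'Authorization': `Bearer ${accessToken}` } : {};
+
+// If either of these is invalid, or both are missing, we will
+// forward the resulting 401 to the application, which will request
+// tokens be destroyed and reload the iframe in an unauth state.
+log('Has access info', { cookie: Boolean(document.cookie), accessToken: Boolean(accessToken) });
+
+const url = new URL('/api/0' + path, regionUrl);
+const initWithCreds = {
+...init,
+headers: { ...init.headers, ...bearer },
+credentials: 'same-origin',
+};
+const response = await fetch(url, initWithCreds);
+return {
+ok: response.ok,
+status: response.status,
+statusText: response.statusText,
+url: response.url,
+headers: Object.fromEntries(response.headers.entries()),
+text: await response.text(),
+};
+},
+};
+
+log('Init', { referrerOrigin, state });
+
+if (state === 'logged-out') {
+const cookie = document.cookie.split('=').at(0) + '=';
+document.cookie = getCookieValue(cookie, window.location.hostname);
+document.cookie = getCookieValue(cookie, regionUrl);
+}
+
+window.addEventListener('message', handleLoginWindowMessage);
+window.addEventListener('message', handleParentWindowMessage);
+postStateMessage(state);
+
+if (state === 'logged-in') {
+const port = getMessagePort();
+=======
+return port2;
+}
+
+function getCookieValue(cookie, domain) {
+return `${cookie}; domain=${domain}; path=/; max-age=31536000; SameSite=none; partitioned; secure`;
+}
+
+const loginWindowMessageDispatch = {
+'did-login': ({ cookie, token }) => {
+if (cookie) {
+document.cookie = getCookieValue(cookie, window.location.hostname);
+document.cookie = getCookieValue(cookie, new URL(regionUrl).hostname);
+log('Saved a cookie', document.cookie.indexOf(cookie) >= 0);
+}
+if (token) {
+localStorage.setItem('accessToken', token);
+log('Saved an accessToken to localStorage');
+}
+if (!cookie && !token) {
+log('Unexpected: No access token found!');
+}
+
+postStateMessage('stale');
+},
+};
+
+const parentWindowMessageDispatch = {
+'request-login': ({ delay_ms }) => {
+const origin = window.location.origin.endsWith('.sentry.io')
+? 'https://sentry.io'
+: window.location.origin;
+
+window.open(
+`${origin}/toolbar/${organizationSlug}/${projectIdOrSlug}/login-success/?delay=${delay_ms ?? '0'}`,
+'sentry-toolbar-auth-popup',
+'popup=true,innerWidth=800,innerHeight=550,noopener=false'
+);
+log('Opened /login-success/', { delay_ms });
+},
+
+'request-logout': () => {
+const cookie = document.cookie.split('=').at(0) + '=';
+document.cookie = getCookieValue(cookie, window.location.hostname);
+document.cookie = getCookieValue(cookie, regionUrl);
+log('Cleared the current cookie');
+
+const accessToken = localStorage.removeItem('accessToken')
+log('Removed accessToken from localStorage');
+
+postStateMessage('stale');
+},
+};
+
+const postMessageDispatch = {
+'log': log,
+
+'fetch': async (path, init) => {
+// If we have an accessToken lets use it. Otherwise we presume a cookie will be set.
+const accessToken = localStorage.getItem('accessToken');
+const bearer = accessToken ? { 'Authorization': `Bearer ${accessToken}` } : {};
+
+// If either of these is invalid, or both are missing, we will
+// forward the resulting 401 to the application, which will request
+// tokens be destroyed and reload the iframe in an unauth state.
+log('Has access info', { cookie: Boolean(document.cookie), accessToken: Boolean(accessToken) });
+
+const url = new URL('/api/0' + path, regionUrl);
+const initWithCreds = {
+...init,
+headers: { ...init.headers, ...bearer },
+credentials: 'same-origin',
+};
+const response = await fetch(url, initWithCreds);
+return {
+ok: response.ok,
+status: response.status,
+statusText: response.statusText,
+url: response.url,
+headers: Object.fromEntries(response.headers.entries()),
+text: await response.text(),
+};
+},
+};
+
+log('Init', { referrerOrigin, state });
+
+if (state === 'logged-out') {
+const cookie = document.cookie.split('=').at(0) + '=';
+document.cookie = getCookieValue(cookie, window.location.hostname);
+document.cookie = getCookieValue(cookie, regionUrl);
+}
+
+window.addEventListener('message', handleLoginWindowMessage);
+window.addEventListener('message', handleParentWindowMessage);
+postStateMessage(state);
+
+if (state === 'logged-in') {
+const port = getMessagePort();
+>>>>>>> Stashed changes
 window.parent.postMessage({
 source: 'sentry-toolbar',
 message: 'port-connect',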
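Review bot: The added lines commit an unresolved merge conflict: `<<<<<<< Updated upstream`, `||||||| Stash base`, `=======` and `>>>>>>> Stashed changes` land inside the template's script along with two full copies of the same code, so the iframe script will most likely fail to parse and none of the login or logout handling will run. Only the "Stashed changes" copy should remain, with the markers and the stash-base copy removed. Within that copy the hostname fix is applied only in `did-login`; `request-logout` and the `state === 'logged-out'` branch still call `getCookieValue(cookie, regionUrl)`, which (assuming regionUrl is a full URL, as its use as the base in `new URL('/api/0' + path, regionUrl)` suggests) writes an invalid `domain=` attribute, so the region-domain session cookie is probably not overwritten on logout. Both places should use `document.cookie = getCookieValue(cookie, new URL(regionUrl).hostname);`. The enclosing functions start and end outside the hunk.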
