Manually define cookie domain #205
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
we can be smart and just derive the cookie domain (which is the most specific available shared subdomain of the api and frontend) by parsing the api host name and frontend host name and working out the subdomain hierarchy there. This has the advantage of us not needing to thing about domain structure when setting up the configuration - rather we can just pass in the full hostnames of the apps, which we're more likely to have available rather than the nebulous concept of a shared domain which varies wildly based on running locally vs on paas/on ecs. This function splits the host name by dot, (so download.documents.service.gov.uk becomes ["uk", "gov", "service", "documents", "download"]) and then loops through both api and frontend at the same time.
leohemsted
commented
Jan 4, 2024
| ), | ||
| # running locally outside of docker is no longer supported? :thinking_face: | ||
| pytest.param( | ||
| "http://localhost:7001", "http://localhost:7002", None, marks=pytest.mark.xfail(raises=ValueError) |
There was a problem hiding this comment.
i suspect that the cookies never worked previously if you ran natively on your laptop (rather than under document-download.localhost a la docker compose), but it only happened at cookie-setting-time - which is only if you have confirm emails set to true.
it's got the same function as the frontend hostname, but is only used on dev. note this needs a matching change to notifications-local
leohemsted
added a commit
to alphagov/notifications-local
that referenced
this pull request
Jan 10, 2024
instead of server_name. this is now used on all hosted envs to work out cookie details - see alphagov/document-download-frontend#205 for details. note: you will need to update your private doc dl frontend file to reflect the change in var name diff --git a/document-download-frontend.env.tmpl b/document-download-frontend.env.tmpl index b6f4412..a959450 100644 --- a/document-download-frontend.env.tmpl +++ b/document-download-frontend.env.tmpl @@ -4,7 +4,7 @@ FLASK_DEBUG=1 WERKZEUG_DEBUG_PIN=off NOTIFY_ENVIRONMENT=development -SERVER_NAME=frontend.document-download.localhost:7001 +DOCUMENT_DOWNLOAD_FRONTEND_HOST_NAME=frontend.document-download.localhost:7001 API_HOST_NAME=http://notify-api.localhost:6011 DOCUMENT_DOWNLOAD_API_HOST_NAME=http://api.document-download.localhost:7000
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
we can be smart and just derive the cookie domain (which is the most specific available shared subdomain of the api and frontend) by parsing the api host name and frontend host name and working out the subdomain hierarchy there.
This has the advantage of us not needing to thing about domain structure when setting up the configuration - rather we can just pass in the full hostnames of the apps, which lets us not worry about the domains the two apps are running on varying significantly based on running locally vs on paas/on ecs.
This function splits the host name by dot, (so download.documents.service.gov.uk becomes ["uk", "gov", "service", "documents", "download"]) and then loops through both api and frontend at the same time.
🚨⚠️ This will be deployed automatically all the way to production when you click merge ⚠️ 🚨
For more information, including how to check this deployment on preview or staging first before it goes to production, see our team wiki section on deployment