Skip to content

fix(navbar): recognize authenticated users with active sessions#1113

Merged
leecalcote merged 1 commit into
masterfrom
copilot/fix-issue-1112
Jun 30, 2026
Merged

fix(navbar): recognize authenticated users with active sessions#1113
leecalcote merged 1 commit into
masterfrom
copilot/fix-issue-1112

Conversation

Copilot AI commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Authenticated users on cloud.layer5.io were not recognized on docs.layer5.io because checkUserAuth bailed out before making the API call when the provider_token cookie wasn't present on the docs subdomain. Safari and other browsers with strict cookie isolation are particularly affected.

Changes:

  • Removed early throw when provider_token cookie is absent — the function now always attempts the API call
  • Added credentials: 'include' to the fetch so the browser sends cloud.layer5.io session cookies cross-origin
  • ****** still sent when the local cookie exists (backward compatible)
const fetchOptions = {
  method: 'GET',
  credentials: 'include',
};

if (token) {
  fetchOptions.headers = {
    'Authorization': `******
  };
}

const re = await fetch(`${cloudAppUrl}/api/identity/users/profile`, fetchOptions);

Note: This requires the cloud.layer5.io API to respond with appropriate Access-Control-Allow-Credentials: true and Access-Control-Allow-Origin headers for docs.layer5.io. If CORS isn't already configured for credentialed requests, a corresponding server-side change will be needed.

…de in fetch

Previously, the checkUserAuth function would bail out immediately when the
provider_token cookie was not available on the docs subdomain. This meant
users who were authenticated on cloud.layer5.io were not recognized on
docs.layer5.io, particularly in browsers like Safari with strict cookie policies.

The fix adds credentials: 'include' to the fetch request so the browser sends
cloud.layer5.io's session cookies with the API call, and removes the early
bailout when the local cookie is missing.

Fixes #1112
@github-actions

github-actions Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor
PR Preview Action v1.6.3
Preview removed because the pull request was closed.
2026-06-30 01:11 UTC

@fitzergerald fitzergerald marked this pull request as ready for review June 30, 2026 00:47
Copilot AI review requested due to automatic review settings June 30, 2026 00:47

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the docs site navbar auth check so that users with an active Layer5 Cloud session (via cloud.layer5.io cookies) are recognized on docs.layer5.io, even when the provider_token cookie is not present on the docs subdomain (notably impacting Safari/strict cookie isolation).

Changes:

  • Removes the early failure when provider_token is missing; the profile API call is now attempted regardless.
  • Adds credentials: 'include' to the profile fetch request so cross-origin Cloud session cookies are sent.
  • Keeps sending the Authorization: Bearer ... header when a local provider_token cookie exists (backward compatible).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
package-lock.json Reorders the existing typescript@6.0.2 entry (no functional dependency change).
layouts/partials/navbar.html Updates checkUserAuth to always attempt the Cloud profile fetch and include credentials for session-cookie-based auth.

@leecalcote leecalcote merged commit 77b7db8 into master Jun 30, 2026
5 checks passed
@leecalcote leecalcote deleted the copilot/fix-issue-1112 branch June 30, 2026 01:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants