fix(navbar): recognize authenticated users with active sessions#1113
Merged
Conversation
…de in fetch Previously, the checkUserAuth function would bail out immediately when the provider_token cookie was not available on the docs subdomain. This meant users who were authenticated on cloud.layer5.io were not recognized on docs.layer5.io, particularly in browsers like Safari with strict cookie policies. The fix adds credentials: 'include' to the fetch request so the browser sends cloud.layer5.io's session cookies with the API call, and removes the early bailout when the local cookie is missing. Fixes #1112
Copilot created this pull request from a session on behalf of
fitzergerald
June 22, 2026 15:45
View session
Contributor
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the docs site navbar auth check so that users with an active Layer5 Cloud session (via cloud.layer5.io cookies) are recognized on docs.layer5.io, even when the provider_token cookie is not present on the docs subdomain (notably impacting Safari/strict cookie isolation).
Changes:
- Removes the early failure when
provider_tokenis missing; the profile API call is now attempted regardless. - Adds
credentials: 'include'to the profile fetch request so cross-origin Cloud session cookies are sent. - Keeps sending the
Authorization: Bearer ...header when a localprovider_tokencookie exists (backward compatible).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| package-lock.json | Reorders the existing typescript@6.0.2 entry (no functional dependency change). |
| layouts/partials/navbar.html | Updates checkUserAuth to always attempt the Cloud profile fetch and include credentials for session-cookie-based auth. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Authenticated users on
cloud.layer5.iowere not recognized ondocs.layer5.iobecausecheckUserAuthbailed out before making the API call when theprovider_tokencookie wasn't present on the docs subdomain. Safari and other browsers with strict cookie isolation are particularly affected.Changes:
throwwhenprovider_tokencookie is absent — the function now always attempts the API callcredentials: 'include'to the fetch so the browser sendscloud.layer5.iosession cookies cross-originNote: This requires the
cloud.layer5.ioAPI to respond with appropriateAccess-Control-Allow-Credentials: trueandAccess-Control-Allow-Originheaders fordocs.layer5.io. If CORS isn't already configured for credentialed requests, a corresponding server-side change will be needed.