Skip to content

feat(clerk-js): Add default Allowed redirect origins #2128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Nov 17, 2023
Merged

feat(clerk-js): Add default Allowed redirect origins #2128

merged 8 commits into from
Nov 17, 2023

Conversation

@octoper
Copy link
Member

@octoper octoper commented Nov 14, 2023
edited
Loading

Description

This PR introduces default values for the allowedRedirectOrigins option, the current implementation does not provide any defaults, with this change if there is no option provided the default will be similar to the example below.

Let's say the host of the application is test.host, the origins will be

  • https://test.host/
  • https://yourawesomeapp.clerk.accounts.dev/
  • https://*.yourawesomeapp.clerk.accounts.dev/

Checklist

  • npm test runs as expected.
  • npm run build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Packages affected

  • @clerk/backend
  • @clerk/chrome-extension
  • @clerk/clerk-js
  • @clerk/clerk-expo
  • @clerk/fastify
  • gatsby-plugin-clerk
  • @clerk/localizations
  • @clerk/nextjs
  • @clerk/clerk-react
  • @clerk/remix
  • @clerk/clerk-sdk-node
  • @clerk/shared
  • @clerk/themes
  • @clerk/types
  • build/tooling/chore

@changeset-bot
Copy link

changeset-bot bot commented Nov 14, 2023
edited
Loading

🦋 Changeset detected

Latest commit: 419ead7

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages
Name Type
@clerk/clerk-js Minor
@clerk/chrome-extension Patch
@clerk/clerk-expo Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@octoper octoper self-assigned this Nov 14, 2023
@octoper octoper force-pushed the vaggelis/sdk-363-set-a-default-for-allowedredirectorigins-in-clerkjs branch from 0736b69 to 1b8d03b Compare November 14, 2023 13:09
@octoper octoper marked this pull request as ready for review November 14, 2023 13:09
@octoper octoper requested a review from a team as a code owner November 14, 2023 13:09
dimkl
dimkl reviewed Nov 14, 2023
View reviewed changes
Copy link
Contributor

@dimkl dimkl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔧 Based on the definition of the origin from MDN docs, I think that we should only allow passing origin values to the allowedRedirectOrigins option (eg ${protocol}://${domain}:${port}). Doing that will also allow us to drop the /* path default origins. If we want to match paths in allowedRedirectOrigins i would advise we rename the options.
cc: @nikosdouvlis

@octoper octoper force-pushed the vaggelis/sdk-363-set-a-default-for-allowedredirectorigins-in-clerkjs branch from 1b8d03b to 407ad7b Compare November 15, 2023 08:46
@octoper
Copy link
Member Author

octoper commented Nov 15, 2023

!preview

@clerk-cookie
Copy link
Collaborator

clerk-cookie commented Nov 15, 2023
edited
Loading

Hey @octoper, your preview is available.

Status Preview Updated (UTC)
🍪 Deployed Visit preview Nov 15, 2023 10:50 AM

nikosdouvlis
nikosdouvlis requested changes Nov 16, 2023
View reviewed changes
Copy link
Member

@nikosdouvlis nikosdouvlis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@octoper this looks good, we need a minor change but apart from that everything is in place. Let's try and merge it today :)

@nikosdouvlis
Copy link
Member

🔧 Based on the definition of the origin from MDN docs, I think that we should only allow passing origin values to the allowedRedirectOrigins option (eg ${protocol}://${domain}:${port}). Doing that will also allow us to drop the /* path default origins. If we want to match paths in allowedRedirectOrigins i would advise we rename the options. cc: @nikosdouvlis

The /* part should not be required for someone to use allowedRedirectOrigins successfully. These tests cover almost all valid use cases (

javascript/packages/clerk-js/src/utils/__tests__/url.test.ts

Line 421 in d37d44a

const cases: [string, Array<string | RegExp> | undefined, boolean][] = [
) without /*

Are you suggesting we manually remove /* if the user passes it in? Would that offer any benefit DX-wise?

@octoper octoper force-pushed the vaggelis/sdk-363-set-a-default-for-allowedredirectorigins-in-clerkjs branch 2 times, most recently from 7a3faa6 to 898fd84 Compare November 16, 2023 15:50
nikosdouvlis
nikosdouvlis approved these changes Nov 16, 2023
View reviewed changes
anagstef
anagstef reviewed Nov 16, 2023
View reviewed changes
dimkl
dimkl approved these changes Nov 16, 2023
View reviewed changes
packages/clerk-js/src/utils/url.ts Outdated
): (string | RegExp)[] | undefined {
if (!allowedRedirectOrigins || allowedRedirectOrigins.length === 0) {
const origins = [];
if (typeof window !== 'undefined' && !!window.location) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❓ could we use the inBrowser() helper instead? @anagstef wdyt?

Copy link
Member Author

@octoper octoper Nov 16, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh I had that but change it as another utility function in the same file had it like this so I stick with that for consistency, but I can change to the inBrowser for every function here.

@octoper octoper force-pushed the vaggelis/sdk-363-set-a-default-for-allowedredirectorigins-in-clerkjs branch from 7e94a65 to a0a7b81 Compare November 17, 2023 10:15
@octoper octoper requested review from anagstef and dimkl November 17, 2023 10:25
dimkl
dimkl approved these changes Nov 17, 2023
View reviewed changes
Copy link
Contributor

@dimkl dimkl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@octoper octoper added this pull request to the merge queue Nov 17, 2023
Merged via the queue into main with commit e400fa9 Nov 17, 2023
@octoper octoper deleted the vaggelis/sdk-363-set-a-default-for-allowedredirectorigins-in-clerkjs branch November 17, 2023 10:37
@clerk-cookie clerk-cookie mentioned this pull request Nov 17, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nikosdouvlis nikosdouvlis nikosdouvlis approved these changes

@anagstef anagstef Awaiting requested review from anagstef

+1 more reviewer

@dimkl dimkl dimkl approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@octoper octoper

Labels

clerk-js

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@octoper @clerk-cookie @nikosdouvlis @dimkl @anagstef