[@hono/auth-js] certain redirects are broken due to headers not being copied #896

williamrobertson13 · 2024-12-19T18:41:47Z

As mentioned in honojs/hono#2681 (comment), the auth-js middleware sends back responses using new Response instead of c.body which causes the response headers to get lost in a production environment. This breaks server-side redirects and unfortunately isn't caught by the test suite since app.request doesn't mimic real networking conditions.

The fix here is to use c.body for returning responses, but I think there's something else that needs fixing since switching to that breaks several other tests which I can't figure out the reason for. Anywho, thank you and looking forward to hearing back!

Expected
GET /api/auth/callback/postmark?confirmationToken=abc on already used token -> 302 to /api/error?error=Verification

Actual
GET /api/auth/callback/postmark?confirmationToken=abc on already used token -> 200 response with no redirect

The text was updated successfully, but these errors were encountered:

williamrobertson13 changed the title ~~[@hono/auth-js] server-side redirects are broken due to headers not being copied~~ [@hono/auth-js] certain redirects are broken due to headers not being copied Dec 19, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[@hono/auth-js] certain redirects are broken due to headers not being copied #896

[@hono/auth-js] certain redirects are broken due to headers not being copied #896

williamrobertson13 commented Dec 19, 2024 •

edited

Loading

[@hono/auth-js] certain redirects are broken due to headers not being copied #896

[@hono/auth-js] certain redirects are broken due to headers not being copied #896

Comments

williamrobertson13 commented Dec 19, 2024 • edited Loading

williamrobertson13 commented Dec 19, 2024 •

edited

Loading