Turbo frame request from subdomain after hard reload without cookie header #1323

Open
mdrbohlav opened this issue Oct 8, 2024 · 2 comments

Comments

@mdrbohlav

mdrbohlav commented Oct 8, 2024

Hi guys, I have an issue with loading a turbo frame from a subdomain after a hard reload (cmd/ctrl+shift+r or disabled cache in the Dev console > Network tab). So far I know it happens in Chrome and Safari; everything works in Firefox.

The overview of the setup:

  1. Main app runs on root domain, let's say example.com. The app there has a turbo frame that returns either user menu if signed in or guest menu if not. The url for that is https://example.com/-/user_menu. Everything on this domain works as expected.
  2. I have an admin part of the app that runs on a subdomain admin.example.com. It has the same user menu so the turbo frame there has the same url https://example.com/-/user_menu.

The user menu is loaded correctly when I come to the admin app via a link from the main app. It also works when I reload the page (cmd/ctrl+r). But when I do a hard reload (cmd/ctrl+shift+r), the turbo frame request does not contain the cookie. Could there be an issue with how some browsers handle the cache reset on hard reload and the asynchronous turbo frame load? All the turbo frames loaded later have the cookie set in the request. Lazy loading does not help since this part of the page is at the top.

The user cookie is set up to work with subdomains and the fetch has credentials: 'same-origin'.

  • domain: .example.com
  • same-site: none
  • http_only: true
  • secure: true
  • expiration: in 2025

Do you have any idea what might be going wrong and where to look for a possible cause?

Ruby version: 3.3.2
Rails version: 7.0.4
Turbo version: 8.0.10
Chrome version: 129.0.6668.90

@pedroaugustofsilva

Hi!

When you say "the fetch has withCredentials: true", what do you mean? Because "withCredentials" is not a valid option for fetch. The correct option is credentials and Turbo sets it to "same-origin".

Have you checked the console for any errors?

Let me see if I got this straight. If you access admin.example.com in incognito mode, the first load will not send the cookie using the src defined in the turbo frame. But in subsequent loads it works?

@mdrbohlav
Author

You are right of course. Do not know where I saw XMLHttpRequest, edited the first post so it does not confuse anyone else. Anyway, that does not change my issue since I have the domain in the cookies set to .example.com.
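
How the two settings named in this thread interact under the Fetch and cookie specifications, as an added example that is not part of any comment above and is not Turbo's code. It models the fetch `credentials` mode and the cookie `Domain`/`Secure` attributes for the frame URL from the first post; the cookie name `user_session` and the function names are assumptions made for illustration.

```javascript
// Added example. Hostnames are the thread's placeholders; the cookie name
// "user_session" is constructed for illustration.

// Fetch credentials mode: does the browser attach credentials at all?
function credentialsIncluded(pageUrl, requestUrl, mode) {
  if (mode === "omit") return false;
  if (mode === "include") return true;
  if (mode !== "same-origin") throw new TypeError("unknown credentials mode: " + mode);
  // An origin is scheme + host + port, so a subdomain is a different origin.
  return new URL(pageUrl).origin === new URL(requestUrl).origin;
}

// RFC 6265 domain-match: the request host equals the cookie's Domain or is a
// subdomain of it (a leading dot in the attribute is ignored).
function domainMatches(host, cookieDomain) {
  const domain = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === domain || h.endsWith("." + domain);
}

// A cookie is sent only if the credentials mode allows it AND the cookie's own
// attributes match the request. SameSite=None adds no restriction here.
function cookieSent(pageUrl, requestUrl, mode, cookie) {
  const req = new URL(requestUrl);
  if (!credentialsIncluded(pageUrl, requestUrl, mode)) return false;
  if (cookie.secure && req.protocol !== "https:") return false;
  return domainMatches(req.hostname, cookie.domain);
}

const cookie = { name: "user_session", domain: ".example.com", secure: true, sameSite: "none" };
const frameSrc = "https://example.com/-/user_menu";

// One row per (embedding page, credentials mode) combination.
function decisionTable() {
  const pages = ["https://example.com/", "https://admin.example.com/"];
  const modes = ["omit", "same-origin", "include"];
  return pages.flatMap((page) =>
    modes.map((mode) => ({ page, mode, sent: cookieSent(page, frameSrc, mode, cookie) }))
  );
}

console.table(decisionTable());
```

With `credentials: "include"` on a cross-origin request, the response is only readable by the page if the server answers with `Access-Control-Allow-Credentials: true` and a non-wildcard `Access-Control-Allow-Origin`.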
