Support cookie parameters #1771
Comments
MicahParks
added
enhancement
|
Hey @MicahParks! It seems to be specifically related to Next.js. When you use When you use This is a totally normal behavior, forwarding cookies automatically could result in hard to spot issues and security issues. (ex: forwarding authorization cookie to a third party api). I advise you to use two distinct |
|
@kerwanp are you sure that this is unique to Next.js? The below snippet uses the cookies function and runs on the Next.js server side. It is supposed to to pass the cookies from the web browser's request to the external Golang API. I can log the value of const {data, error} = await GET("/signup/checkout-products", {
params: {
cookie: {"account": cookies().get(CookieAccount)?.toString() || ""},
},
next: {revalidate: 3600},
})It seems that populating the If a middleware is required, I would suggest
If a middleware is not required, perhaps my original proposal may be considered. Please note that automatically forwarding cookies is not in the original proposal. |
I'm in favour of this since I tried to migrate to If I have
Usually shouldn't happen unless you opt into this manually with |
|
Oh yes I 💯 need this setup! Right now I have to either wrap all my server endpoints with accessToken or add the cookie header to the call from 'use server';
import { auth } from '@/auth';
import { Configuration, SpacesApi } from '@/lib/api';
import { cookies } from 'next/headers';
export const config = async () => {
const session = await auth();
const myCookies = await cookies();
return new Configuration({
basePath: process.env.API_ENDPOINT!,
accessToken: session?.access_token,
credentials: 'include',
headers: {
Cookie: `authjs.session-token.0=${myCookies.get('authjs.session-token.0')}`,
},
});
};
export const spacesApi = async () => {
const configuration = await config();
return new SpacesApi(configuration);
};Also is there an easier way to do this configuration for all APIs? Is it through middleware somehow? |
|
I agree with @kerwanp here. Automatically forwarding (all) cookies from the server is a gaping security hole (in general). It should absolutely be possible with a middleware to attach cookies if desired. |
Description
My OpenAPI specification contains parameters with values are located in cookies. It would be most convenient if this project wrote specified cookies to outgoing requests.
I saw #1689 was closed and wanted an open issue for tracking.
When the
openapi-typescriptclient is running in my Next.js project under a file with"use client"the web browser cookies are sent along 👍When the
openapi-typescriptclient is running on server side Next.js code, no cookies are sent along with the request, even when specified.Proposal
Cookies that are specified for a request are written to outgoing requests. If a cookie under that name already exists, it is overwritten if specified. In the case of the
openapi-typescriptclient running under a file with"use client"(in the web browser), supplying the value ofnull(or similar) for a specified cookie name will allow a type-safe way to convey the meaning "use the web browser's value for this cookie"Alternatively, docs and an example on how to do this via middleware would be wonderful, I am not very TypeScript savvy.
Checklist
The text was updated successfully, but these errors were encountered: