search

Azure / static-web-apps

Azure Static Web Apps. For bugs and feature requests, please create an issue in this repo. For community discussions, latest updates, kindly refer to the Discussions Tab. To know what's new in Static Web Apps, visit https://aka.ms/swa/ThisMonth
https://aka.ms/swa
MIT License
330 stars 56 forks source link

Unable to use role invite link if SWA is behind Azure Front Door and staticwebapp.config.json locks down access to only accept from FrontDoor #1251

Open tomaustin700 opened 1 year ago

tomaustin700 commented 1 year ago

Hi, When a SWA is behind Azure FrontDoor and the staticwebapp.config.json locks down access to only accept traffic from FrontDoor like this:

"networking":{
      "allowedIpRanges":[
         "AzureFrontDoor.Backend"
      ]
   },
   "forwardingGateway":{
      "requiredHeaders":{
         "X-Azure-FDID":"1111111-873a-4e4c-b556-cacd69e38eee"
      },
      "allowedForwardedHosts":[
         "test.test.com"
      ]
   },

It is impossible to use the link to invite users to a role defined within the SWA. The link fails to work as it attempts to navigate the user to the main SWA URL as it has no knowledge of the domain within FrontDoor.

To Reproduce Steps to reproduce the behavior:

  1. Create SWA and Azure FrontDoor
  2. Create Origin Group and Rule in FrontDoor to send traffic to the SWA
  3. Modify staticwebapp.config.json to only allow traffic front FrontDoor (see example above)
  4. Attempt to invite an invitation link for adding a user for a role within the SWA
  5. See invite url is the SWA url as the SWA has no knowledge of the FD domain
  6. Attempt to use invite link, see it fails to work.

Expected behavior Should be able to manually override the domain when create an invitation link.

hawkzey commented 1 month ago

I have this exact same problem at the moment @tomaustin700 did you manage to navigate around this?

tomaustin700 commented 1 month ago

@hawkzey Afraid not, I ended up giving up with it.