search

blitz-js / legacy-framework

MIT License
3 stars 2 forks source link

CSRFTokenMismatchError when importing Prisma client in blitz.config.ts #24

Open jan-wilhelm opened 3 years ago

jan-wilhelm commented 3 years ago

What is the problem?

When importing the @prisma/client package in blitz.config.ts (or when importing any file in blitz.config.ts that itself recursively references an import to @prisma/client anywhere in its dependency tree), any incoming request to Blitz fails with a CSRFTokenMismatchError in production mode.

For example, simply cloning and running the "auth" example from the current canary branch examples folder you get the exact same error when simply running yarn build && yarn start.

Paste all your error logs here:

2021-08-03 09:37:59.205 ERROR Error while processing the request 

 CSRFTokenMismatchError  
details:
{
  name: 'CSRFTokenMismatchError',
  statusCode: 401
}

Paste all relevant code snippets here:

Code taken from examples/auth/blitz.config.ts

import {sessionMiddleware, simpleRolesIsAuthorized} from "blitz"
import db from "db"
const withBundleAnalyzer = require("@next/bundle-analyzer")({
  enabled: process.env.ANALYZE === "true",
})

module.exports = withBundleAnalyzer({
  middleware: [
    sessionMiddleware({
      cookiePrefix: "blitz-auth-example",
      isAuthorized: simpleRolesIsAuthorized,
      getSession: (handle) =>
        db.session.findFirst({where: {handle}}).then((session) => {
          console.log(session)
          return session
        }),
    }),
  ]
})

What are detailed steps to reproduce this?

  1. Clone the "auth" example locally and install dependencies
  2. Run yarn prisma migrate dev
  3. Run yarn build && yarn start
  4. Go to localhost:3000 (just to make sure: Do that in incognito mode, so that all cookies are cleared)
  5. The server fails with a CSRFTokenMismatchError

Run blitz -v and paste the output here:

Output from running blitz -v in the auth example folder

macOS Big Sur | darwin-x64 | Node: v16.5.0

blitz: 0.31.0 (global)
blitz: 0.39.0-canary.0 (local)

  Package manager: yarn 
  System:
    OS: macOS 11.5
    CPU: (16) x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
    Memory: 760.63 MB / 16.00 GB
    Shell: 5.8 - /usr/local/bin/zsh
  Binaries:
    Node: 16.5.0 - /usr/local/bin/node
    Yarn: 1.22.10 - /usr/local/bin/yarn
    npm: 7.19.1 - /usr/local/bin/npm
    Watchman: 4.9.0 - /usr/local/bin/watchman
  npmPackages:
    @prisma/client: 2.24.1 => 2.24.1 
    blitz: 0.39.0-canary.0 => 0.39.0-canary.0 
    prisma: 2.24.1 => 2.24.1 
    react: 0.0.0-experimental-6a589ad71 => 0.0.0-experimental-6a589ad71 
    react-dom: 0.0.0-experimental-6a589ad71 => 0.0.0-experimental-6a589ad71 
    typescript: 4.3.5 => 4.3.5

Please include below any other applicable logs and screenshots that show your problem:

No response

flybayer commented 3 years ago

Hmm that's weird! Are you using auth example on main or canary branch? Because main branch is mega old and not currently used.

The first step for anyone who wants to look into this is add a new prisma integration test in https://github.com/blitz-js/blitz/tree/canary/test/integration (can copy the auth integration test and modify). Then make a test to reproduce this issue.

The only thing I can think that might remotely cause this is our compilation of blitz.config.ts via esbuild

jan-wilhelm commented 3 years ago

yes, sorry I meant the canary branch, not main.