cloudflare / orange

https://demo.orange.cloudflare.dev/
Other
1.55k stars 216 forks source link

Infinite redirect loop in Chrome on Mac OS X #86

Open phpb-com opened 2 months ago

phpb-com commented 2 months ago

When using with Cloudflare Access in Chrome, I've experienced infinite redirect loop when trying to refresh page after the first visit. Removing addOneDay and just comparing based on the current date (token not yet expired) fixes the problem. Is there a reason why we need to ensure that expiration is one day in the future? I thought that will depend on the application configuration and should not always be the case.

https://github.com/cloudflare/orange/blob/49cb2ccba6e76b4b1015de9546d3eb46779a7885/app/root.tsx#L62

third774 commented 2 months ago

Hey! Thanks for your interest in the project, and very cool to see that you're also using it with Access!

The reason we make this check is to prevent a situation where a user joins a room, then a few minutes into their call, their token expires, meaning they can no longer open/close tracks for users who may join/leave as the meeting progresses.

To ensure this doesn't happen, we check the freshness of the token, and if it's less than 24 hours we force them to get a new one.

As for the reason you're encountering infinite redirect loop — make sure that you have Same Site Attribute set to Lax in your Access configuration. That should resolve the issue, assuming your tokens have a lifespan > 24 hours.

third774 commented 2 months ago

Perhaps we could make that 24 hour window configurable via environment variable — it's always tricky trying to guess "how long is enough" for a video call to last.

phpb-com commented 2 months ago

That makes sense. Should I try and submit a PR to make it configurable, or will you be working in that area. Thanks.