Deploying on Vercel leads to 500 error for ssr-auth-required and ssr-no-token

gladly-team / next-firebase-auth

Simple Firebase authentication for all Next.js rendering strategies

https://nfa-example-git-v1x-gladly-team.vercel.app/

MIT License

1.34k stars 291 forks source link

Deploying on Vercel leads to 500 error for ssr-auth-required and ssr-no-token #636

Closed MvRemmerden closed 1 year ago

MvRemmerden commented 1 year ago

Describe the bug

When deploying the example via Vercel, the ssr-auth-required and ssr-no-token examples lead to a 500 error. When looking at the logs in Vercel, the reason was that the api/example endpoint gives 400 response.

Interestingly it only did so for the token authentication, but not for the cookie authentication. When searching for why that could be the case, I came across this StackOverflow answer that states that Vercel strips the Authorization header in certain circumstances: https://stackoverflow.com/a/71516546

Following their proposal to rename Authorization to x_authorization did solve the problem for me.

Versions

next-firebase-auth version: 1.0.0-canary.19 Firebase JS SDK: 9.19.1 Next.js: 13.3.0

kmjennison commented 1 year ago

Are you suggesting any particular changes to this package? It's already possible to use any header you want to pass the ID token (see #520)—though I see that the README needs to be updated to include that info.

MvRemmerden commented 1 year ago

@kmjennison What do you think about changing the default to a way that works with Vercel? My assumption would be that Vercel is the main provider people will be using, and if this package doesn't work out of the box, but requires configuration changes, that's not a great first experience.

Otherwise, we could leave a comment in the code linking to the StackOverflow discussion.

kmjennison commented 1 year ago

@MvRemmerden Do you know how to reproduce the Vercel problem? The demo for this project deploys on Vercel without a problem using the Authorization header, as does another project I've worked on. This issue is the first I've seen of this problem, which makes me wonder if it's caused by some non-standard Vercel configuration.

MvRemmerden commented 1 year ago

I have a minimal and functional project live where that's the case, but it's private. Should I invite you to the repo and Vercel project?

kmjennison commented 1 year ago

Would you be willing to clone and deploy the demo app publicly to your Vercel? That would be the most helpful reproduction of the problem.

kmjennison commented 1 year ago

Closing until there's a reproduction with a common Vercel use-case.