Closed Libter closed 7 years ago
I can't reproduce error on branch from this PR:
Result: Errors in console, user is logged out and redirected to /login page.
Notification about expired session will be added.
Ok, maybe more details will help debugging. Maybe I'm doing something wrong or it's OS/Browser dependent.
Ubuntu 16.04 64bit Chrome 56.0.2924.87 (64-bit)
git clone https://github.com/Libter/spawn-frontend-material
cd spawn-frontend-material
git checkout issue69
npm install
npm run dev
After logging in with fresh user from https://demoapi.lvlup.pro/v3/auth/register on incognito mode I edit localStorage with devtools by adding z before first char then clicking payments page. Next this happens:
It's another problem with Access-Control-Allow-Origin - for tests it should be always * (#18) and for production always my.lvlup.pro. Currently it's set properly only if response doesn't contain errors.
I forgot that I was using chrome browser with --disable-web-security flag which gave me correct error:
Ok so it's CORS related if it works for you with --disable-web-security.
On demo it's configured like this:
https://enable-cors.org/server_nginx.html
Some voodoo must be missing from CORS config.
Oh no, it's CORS nginx related for error results http://serverfault.com/a/431580/195911
http://nginx.org/en/docs/http/ngx_http_headers_module.html
Adds the specified field to a response header provided that the response code equals 200, 201, 204, 206, 301, 302, 303, 304, or 307. A value can contain variables.
http://serverfault.com/a/647552/195911
Since Nginx 1.7.5 you can use always to add a header irrespective of the response code:
add_header X-Test "blahblahblah" always;
After boxing with nginx I think it's working on dev env, now I just rewrite new config for demo and prod and deploy ETA 10min
Ok, CORS patch is online and this code works now :tada: Unfortunately when logging in with wrong credentials there is also a "Session expired" notification. Can you try fix it? Then I can finally merge :>
Done. In the future backend may return standard JSON response (HTTP code: 200) like { "error": true, "code": "invalid_password" }, { "error": true, "code": "token_expired" }, { "error": true, "code": "invalid_token" }, etc. instead of error code 401 - this will make error handling much more accurate.
This is very important bugfix, unfortunately it doesn't log out user with malformed token :cry:
Steps to reproduce:
Result: Errors in console, user is still logged in
Expected result: Logout then display notification about expired session
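The three failure modes discussed in this thread (a response hidden by missing CORS headers, a bare 401, and the proposed JSON error codes) can be separated in one client-side decision function. This is an added example, not code from spawn-frontend-material; `classifyApiResult`, `ACTIONS`, the `outcome` shape and `hadToken` are hypothetical names, and only the three `code` strings come from the thread.

```javascript
// Added example with hypothetical names; not the project's own code.
const ACTIONS = Object.freeze({
  OK: 'ok',
  SHOW_LOGIN_ERROR: 'show_login_error',
  LOGOUT_SESSION_EXPIRED: 'logout_session_expired',
  SHOW_NETWORK_ERROR: 'show_network_error',
  SHOW_GENERIC_ERROR: 'show_generic_error',
});

// outcome is either { networkError: true } (the request promise rejected) or
// { status, body, hadToken }, where body is the parsed JSON (or null) and
// hadToken says whether the request carried a stored token.
function classifyApiResult(outcome) {
  if (outcome.networkError) {
    // A response without Access-Control-Allow-Origin is hidden from script:
    // no status and no body are readable. It cannot be told apart from an
    // outage, so it must not be reported as an expired session.
    return ACTIONS.SHOW_NETWORK_ERROR;
  }
  const { status, body, hadToken } = outcome;
  const isErrorBody =
    body !== null && typeof body === 'object' && body.error === true;
  const code = isErrorBody ? body.code : null;

  // Explicit codes as proposed in the thread are unambiguous.
  if (code === 'invalid_password') return ACTIONS.SHOW_LOGIN_ERROR;
  if (code === 'token_expired' || code === 'invalid_token') {
    return ACTIONS.LOGOUT_SESSION_EXPIRED;
  }
  if (isErrorBody) return ACTIONS.SHOW_GENERIC_ERROR;

  if (status === 401) {
    // A bare 401 is ambiguous. Without a token it is a failed login, so no
    // "Session expired" notification; with a token the session is invalid.
    return hadToken ? ACTIONS.LOGOUT_SESSION_EXPIRED : ACTIONS.SHOW_LOGIN_ERROR;
  }
  return status >= 200 && status < 300 ? ACTIONS.OK : ACTIONS.SHOW_GENERIC_ERROR;
}
```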