[Bug?]: Cookie/auth issues for vercel deployment on versions v8

[efe-pullflow]

What's not working?

What's not working? I'm seeing issues in a production deployment to vercel after upgrading from v7.7.4 to v8.3.0. The issue only shows up when deployed to vercel, local development behaves as expected. The issue is with auth/cookies not being set after the POST request to /api/auth (which does get a 200 response), but does not have the setCookie header. The subsequent GET request to /api/auth?method=getToken also has a 200 response but does not return the logged in users id. This results in the user not being able to get passed the login/signup page. The behavior does not show up when developing locally. I have a git repository with the minimal changes needed for a repro.

v7.7.4:

• Local developemnt works
• Production deploy DOES NOT have auth issues
• See the code in the v7.7.4 branch of the repro repository
• Live Vercel Deployment to working auth

v8.0.0:

• Local developemnt works
• Production deploy DOES have auth issues descibed above
• See the code in the v8.0.0 branch of the repro repository
• Live Vercel Deployment to broken auth v8.0.0

v8.3.0:

• Local developemnt works
• Production deploy DOES have auth issues descibed above
• See the code in the main branch of the repro repository
• Live Vercel Deployment to broken auth v8.3.0

Please let me know if you need any more information about my setup. The app is setup with a free supabase postgres instance (example format for env vars below), hosted on vercel with env vars set in the following format:

• SESSION_SECRET= secret obtained from running 'yarn rw g secret'

• DATABASE_URL=postgres://postgres.example:examplepw@aws-0-us-west-1.pooler.supabase.com:6543/postgres?sslmode=require&pgbouncer=true&connection_limit=1

• DIRECT_DATABASE_URL=postgres://postgres.example:examplepw@aws-0-us-west-1.pooler.supabase.com:5432/postgres?sslmode=require

• NODE_ENV=production The codebase for the reproduction lives at https://github.com/jgal1/redwood-vercel . The v7.7.4 branch has the code which works for both local and vercel deployment, the v8.0.0 branch has the v8.0.0 code which does not work when deployed to vercel, and the main branch has the v8.3.0 version which also does not work when deployed to production.

To get a fresh repository for the minimal reproduction follow the below steps:

yarn create redwood-app redwood-vercel --typescript cd redwood-vercel && yarn install yarn rw setup ui tailwindcss yarn rw setup auth dbAuth yarn rw setup deploy vercel The vercel deployment uses the standard redwood preset, and the only requirement on vercel is to set the environmental variables which are stated above.

This shouldn't make any difference for this issue but for my specific case, to connect to the supabase postgres instance the schema.prisma file needs the following edit (add directUrl) to the 'datasource' config:

datasource db { provider = "postgresql" url = env("DATABASE_URL") directUrl = env("DIRECT_DATABASE_URL") } For local development, the DATABASE_URL and DIRECT_DATABASE_URL should be the same and should have the following format:

DATABASE_URL="postgresql://[DB_USER]:[PASSWORD]@localhost:5432/[DB_NAME]?connection_limit=1" DIRECT_DATABASE_URL="postgresql://[DB_USER]:[PASSWORD]@localhost:5432/[DB_NAME]?connection_limit=1" Please let me know if there is anything I can do to help debug, for example any vercel permissions issues viewing the deployed domains, or vercel logs.

The following two links to another github issue and the community discussion could be related, as they have similar symptoms:

https://github.com/redwoodjs/redwood/issues/11576

How do we reproduce the bug?

No response

What's your environment? (If it applies)

No response

Are you interested in working on this?

• [ ] I'm interested in working on this

[test-et-pullflow-ai[bot]]

Hello @efe-pullflow! I'm here to assist with your issue regarding cookie/auth problems on Vercel deployments with version v8.

From your description, it seems like the issue is isolated to production deployments on Vercel, specifically with auth/cookies not being set correctly after upgrading from v7.7.4 to v8.3.0.

Since the problem doesn't occur in local development, it might be related to Vercel's environment or configuration changes between versions. Here are a few steps you could consider:

1. Check Vercel Logs: Review the server logs on Vercel to see if there are any errors or warnings during the auth process.
2. Environment Variables: Ensure all necessary environment variables are correctly set up in the Vercel dashboard for the new version.
3. Cross-Origin Resource Sharing (CORS): Verify CORS settings since they might affect cookie handling between client and server in production.
4. Upgrade Path: Double-check the upgrade notes from v7.7.4 to v8.3.0 for any breaking changes related to authentication or cookies.

If you can provide additional information about your environment or any specific error messages, it could help narrow down the issue further.

Please let me know if there's anything else I can assist with, or if you have further details to share.