Cell queries are called twice when the route is unprotected and secured mode is off

[deibeljc]

// TODO: Provide reproducible repo

To reproduce:

1. Bootstrap a new redwood app
2. Add dbAuth
3. Scaffold login/signup pages
4. Create a cell that queries some data
5. Use that cell in a route/page that is not private
6. Login to the app
7. Visit the route

Expected: Data hits the loading state, then shows the data when it succeeds

Actual: Cell hits the loading state, then success state, then loading state again, then success state again.

[cannikin]

Thanks for the report @deibeljc Did you by any chance try any other auth providers with this same flow? This for sure only happens with dbAuth?

[deibeljc]

@cannikin I have not tried any other auth providers, sorry! I really like being in control of my own auth (thanks so much for dbAuth ❤️), so I likely won't branch out to other auth solutions.

[cannikin]

Roger that, I'll try to reproduce with another provider and see if it's unique to dbAuth or something that's happening with all our auth in general!

[thedavidprice]

@cannikin This was originally reported by @deibeljc here in Discord: https://discord.com/channels/679514959968993311/716252919875240007/889355646326153256

If I understand correctly, the behavior reported here goes away when Secure Services are enabled:

I have not yet. The issue goes away in secured mode I believe. I'll go ahead and create an issue though!

If my understanding is correct, this might be resolved in the upcoming v0.37

[cannikin]

I can confirm this happening: when the Cell is outside of the login wall it cycles from Loading to Success twice. If you then make the path <Private> it renders only once, as expected.

@thedavidprice I'm not able to follow that link...it just brings me to a page that says:

Did he ever open an issue? Do we know what the underlying problem is? Does it affect all auth providers or just dbAuth?

[thedavidprice]

Discord links = 👎

Nonetheless, @deibeljc (who opened this Issue) is the one who reported on Discord! I was trying to avoid him having to repeat the conversation. Alas, here is some copy pasta:

... It seems to happen only on unprotected stuff when you are logged in If you logout I believe it will behave normally I have a feeling (haven't confirmed) that it has to do with it calling the graphql endpoint, then auth, then the graphql endpoint WITH the auth it just got Yup, just confirmed the first call has no authorization header, the second does https://streamable.com/4lc0ey

I lost the context about "The issue goes away in secured mode I believe.", which I understood as the redundant queries going away when REDWOOD_SECURE_SERVICES=1

So assume I made that part up unless someone demonstrates otherwise.

[cannikin]

Ahh, I thought maybe he meant that if you put the page behind a <Private> route (thus "securing" it) the problem goes away (which is what I found in my testing above).

[cannikin]

So with Netlify I'm not seeing the double render, although I do see an extra GraphQL request that gets canceled by something in our code:

The payload is the same as the following request, which succeeds (the QUERY for the cell):

If I put the cell behind a <Private> route, then the second, canceled request goes away:

So maybe we've got something going on in all of auth, it's just that dbAuth shows the real problem (double render) and the others are doing something that sort of prevents it?

[cannikin]

You can try for yourself here: https://serene-kilby-d1af13.netlify.app/pricing Login: johndoe@example.com / password

The /pricing page is NOT behind a login wall, it just presents the login/logout buttons.

(The database behind this site is going to go away by Sept 27)

[deibeljc]

Ahh, I thought maybe he meant that if you put the page behind a <Private> route (thus "securing" it) the problem goes away (which is what I found in my testing above).

Sorry for not being clear, I did mean both when you it behind a <Private> route and also I believe when you set the overall configuration to REDWOOD_SECURE_SERVICES=1 then the issue went away entirely.

[thedavidprice]

Can anyone confirm if this is an issue with v0.37?

[thedavidprice]

@dthyresson showed me this behavior is still occurring in v0.37. Need to diagnose and FIX 🐛🔨

[viperfx]

Just wanted to add that recently our app started seeing a very similar issue.

Double requests, but for authenticated routes and currently this behavior still happens after our recent upgrade to 0.37.

Unfortunately, I don't know when this started happening so not able to pinpoint a specific rw version. I am also still investigating if it's something we have changed globally in our app that could cause this.

Do let me know if there is something I can do to provide more information to help provide more debug information

[dthyresson]

@thedavidprice I've looked into this from a number of angles:

• webpack and http proxy middleware
• api-server and the "with" middleware with express and http proxy middleware + bodyParser (as many many issues have been raised where the order of these can cause the connection reset)
• graphql-server authContext
• auth provider
• fetch config provider
• redwood Apollo provider

And I cannot see what's causing the double request ...

Which leaves me wondering: Router.

And Router is a package I don't know much about.

Maybe I can pair with @thedavidprice or @jtoar or @dac09 and we can see if there is something in the Router that is making 2 requests almost simultaneously?

[thedavidprice]

Roger that. I'd suggest both @jtoar and @Tobbe based on availability.

Thanks, all!

[jtoar]

I'm not sure if https://github.com/redwoodjs/redwood/pull/4320 will resolve the double querying—I'll revisit that—but it will resolve the double rendering.