search

unoplatform / Uno.Wasm.Bootstrap

A simple nuget package to run C# code in a WASM-compatible browser
Other
364 stars 57 forks source link

Azure Static Web Apps, with Authentication, WASM fails #875

Closed mikeirvingweb closed 1 month ago

mikeirvingweb commented 1 month ago

Current behavior

If you deploy to Azure Static Web Apps (a working Uno Platform WASM app)

then turn on basic "Password protection" authentication ("Standard" hosting required)

Screenshot 2024-07-17 at 16 10 17

then reload your app (maybe open an Incognito / Private window, for a fully fresh experience)

you will get the Azure login screen Screenshot 2024-07-17 at 16 13 28

Enter your password, hit Submit

The page starts to load, but hangs.

Open the Dev Tools (F12) and Refresh the page to see what's going on.

In the console. Lots of errors Screenshot 2024-07-17 at 16 16 02

and in the Network Tab, you will se that lots of the files in the package_ ... folder get issued a 302 redirect back to the authorisation page. Screenshot 2024-07-17 at 16 19 40

If you request one of these files in a Fresh browser tab, it works Screenshot 2024-07-17 at 16 22 03 Screenshot 2024-07-17 at 16 22 38

This is because the fresh request can see the Auth cookie.

But the Framed / Embedded request cannot.

Here is the Azure Static Web Apps Cookie - see Application Tab in Developer Tools Screenshot 2024-07-17 at 16 24 17

This seems like a Browser security issue see: https://stackoverflow.com/questions/68788202/page-within-iframe-not-seeing-its-own-cookies

--

I have tried various settings in my staticwebapp.config.json file to try to alleviate this, namely:

Screenshot 2024-07-17 at 16 28 06

to no resolution.

--

it would appear, given the browser security settings, this would happen on other web hosting services that are looking for a cookie too.

Any suggestions?

Expected behavior

a WASM deployed app would work, behind authentication

How to reproduce it (as minimally and precisely as possible)

No response

Workaround

No response

Works on UWP/WinUI

Yes

Environment

No response

NuGet package version(s)

No response

Affected platforms

WebAssembly

IDE

No response

IDE version

No response

Relevant plugins

No response

Anything else we need to know?

No response

mikeirvingweb commented 1 month ago

p.s. I feel this would happen behind any form of authentication that is failing due to cookie access.

jeromelaban commented 1 month ago

Thanks for the report. It is likely that the .NET runtime is not propagating the required cookies for authentication to work properly.

We're using this:

https://github.com/unoplatform/Uno.Wasm.Bootstrap/blob/6ee09b0df97780d5ca8f9ff22e04c39d502978c6/src/Uno.Wasm.Bootstrap/ts/Uno/WebAssembly/Bootstrapper.ts#L570

to fetch the runtime's assets, but it may not be enough to get everything through.