fix: prevent 413 errors because of large org auth cookies#1086
Conversation
Signed-off-by: datron <[email protected]>
Changed Files
|
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
WalkthroughThis PR introduces a shared ChangesOrg Cookie Eviction
Estimated code review effort: 3 (Moderate) | ~25 minutes Sequence Diagram(s)sequenceDiagram
participant Client
participant Authenticator
participant SaasAuthenticator
participant CookieHelper as add_org_cookie_with_eviction
Client->>Authenticator: switch_organisation(req, path)
Authenticator->>CookieHelper: add_org_cookie_with_eviction(req, login_type, token, path, builder)
CookieHelper->>CookieHelper: parse orgs_order cookie, evict oldest if over MAX_ORG_COOKIES
CookieHelper-->>Authenticator: updated HttpResponseBuilder
Authenticator-->>Client: HttpResponse with Location header
Client->>SaasAuthenticator: get_org_user(request)
SaasAuthenticator->>CookieHelper: add_org_cookie_with_eviction(request, login_type, token, path, builder)
CookieHelper-->>SaasAuthenticator: updated HttpResponseBuilder
SaasAuthenticator-->>Client: HttpResponse::Found with Location header
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
@Datron Can we decline this PR? |
Problem
For every organisation visited, we add an auth cookie for the realm. Eventually you get a 413 error due to a large cookie header value.
Solution
Remove the oldest org cookie visited
Summary by CodeRabbit
New Features
Bug Fixes