Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
WalkthroughModified hostname retrieval logic in the client app implementation to conditionally handle browser versus non-browser platforms. Replaced unconditional hostname assignment with an else-guarded approach and added console warning for missing hostname scenarios. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (1 passed)
✨ Finishing touches
🧪 Generate unit tests (beta)
📜 Recent review detailsConfiguration used: CodeRabbit UI Review profile: CHILL Plan: Pro 📒 Files selected for processing (1)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)
🔇 Additional comments (1)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Overview
Greptile Summary
Fixed a control flow bug in _queueCustomRefreshCookieUpdate where the server-side hostname lookup was unconditionally overwriting the browser hostname. The bug was introduced in PR #971 when the Next.js platform-specific code wasn't wrapped in an else block, causing the server's sc.headers() call to always execute and override window.location.hostname even in browser contexts.
Key changes:
- Added
elseblock around Next.js server hostname retrieval (line 593-595) - Added warning log when hostname cannot be determined (line 598)
This ensures proper hostname detection for cookie domain configuration in both browser and Next.js server environments.
Confidence Score: 5/5
- This PR is safe to merge - it fixes a critical control flow bug with a minimal, surgical change
- The fix addresses a clear logic error where server code was executing in browser context, overwriting the correct hostname value. The change is minimal (adding one else block), follows the platform conditional pattern used elsewhere in the codebase, and adds helpful debugging with the console.warn. No security issues or unintended side effects introduced.
- No files require special attention
Important Files Changed
File Analysis
| Filename | Score | Overview |
|---|---|---|
| packages/template/src/lib/stack-app/apps/implementations/client-app-impl.ts | 5/5 | Fixed control flow bug where server hostname was always overwriting browser hostname by adding else block |
Sequence Diagram
sequenceDiagram
participant App as Client App
participant Func as _queueCustomRefreshCookieUpdate
participant Browser as Browser Check
participant Server as Next.js Server (sc.headers)
participant Cache as _trustedParentDomainCache
participant Cookie as setCookie
App->>Func: Call with refreshToken, updatedAt, context
Func->>Browser: isBrowserLike()?
alt Browser Environment
Browser-->>Func: true
Func->>Func: hostname = window.location.hostname
else Server Environment (Next.js)
Browser-->>Func: false
Func->>Server: await sc.headers().get("host")
Server-->>Func: hostname from headers
end
alt No hostname found
Func->>Func: console.warn() and return
else Hostname found
Func->>Cache: getOrWait([hostname])
Cache-->>Func: trusted parent domain
Func->>Cookie: Set/delete cookie with domain
end
1 file reviewed, no comments
2 participants
Summary by CodeRabbit
Release Notes