Commit 59a0f4b

remove redirect uri from login request
1 parent a004832 commit 59a0f4b

4 files changed

Lines changed: 16 additions & 8 deletions

.env

Lines changed: 0 additions & 1 deletion
@@ -22,7 +22,6 @@ REACT_APP_DEFAULT_LOCALE='en-US'
2222
REACT_APP_MAP_ROULETTE_SERVER_URL='http://127.0.0.1:9000'
2323
REACT_APP_MAP_ROULETTE_SERVER_WEBSOCKET_URL='ws://127.0.0.1:9000/ws'
2424
REACT_APP_MAP_ROULETTE_SERVER_GRAPHQL_URL='http://127.0.0.1:9000/graphql'
25-
REACT_APP_SERVER_OAUTH_URL='http://127.0.0.1:9000/auth/authenticate?redirect=/mr3'
2625

2726
# OSM Server
2827
REACT_APP_OSM_SERVER='https://www.openstreetmap.org'
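
Review bot: removing REACT_APP_SERVER_OAUTH_URL at old line 25 leaves any existing `.env.local` override of that variable silently ignored, and the previous DEVELOPMENT.md text told developers to set exactly that variable. Consider an upgrade note saying the variable is retired and that REACT_APP_MAP_ROULETTE_SERVER_URL must now point at the back-end host, since the sign-in URL is built from it.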

DEVELOPMENT.md

Lines changed: 4 additions & 2 deletions
@@ -36,7 +36,7 @@ Note that this will create the development build and not the 'production' build.
3636

3737
```
3838
REACT_APP_URL='http://127.0.0.1:3000'
39-
REACT_APP_SERVER_OAUTH_URL='http://127.0.0.1:9000/auth/authenticate?redirect=http://127.0.0.1:3000'
39+
REACT_APP_MAP_ROULETTE_SERVER_URL='http://127.0.0.1:9000'
4040
```
4141

4242
2. Build the image using `docker build --pull -t maproulette-ui .`
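
Review bot: the example block still sets REACT_APP_URL (line 38), but this commit removes both reads of it that are visible here, in SignInButton.jsx and User.js. If nothing else consumes it, drop it from the example; if something does, say what it is for now that it no longer feeds redirect_uri.
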
@@ -85,9 +85,11 @@ the container to see them reflected in the application.
8585

8686
6. Edit your `.env.local` file in your front-end project and set:
8787
```
88-
REACT_APP_SERVER_OAUTH_URL='http://127.0.0.1:9000/auth/authenticate?redirect=http://127.0.0.1:3000'
88+
REACT_APP_MAP_ROULETTE_SERVER_URL='http://127.0.0.1:9000'
8989
```
9090
(assuming your back-end server is on port 9000 and front-end is on port 3000).
91+
The OAuth sign-in flow is served from this back-end URL; the redirect target is
92+
derived from the request's Origin header, so no separate OAuth URL is needed.
9193
Restart or startup your front-end server, and then navigate to the front-end
9294
at http://127.0.0.1:3000
9395
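
Review bot: the sentence added at lines 91-92 says the redirect target comes from the Origin header but leaves out the condition the SignInButton.jsx comment depends on: the front-end and back-end must be on different origins, because browsers omit Origin on same-origin GET fetches. State that here, so a developer who proxies the API under the front-end's origin knows sign-in will lose its redirect target. It is also worth documenting which origins the back-end accepts, since the header value now decides where the user is sent after authentication.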

src/components/SignInButton/SignInButton.jsx

Lines changed: 8 additions & 3 deletions
@@ -30,10 +30,15 @@ export class SignInButton extends Component {
3030

3131
this.setState({ clicked: true });
3232

33-
const frontendOrigin = window.env.REACT_APP_URL || window.location.origin;
34-
const loginUrl = `${window.env.REACT_APP_SERVER_OAUTH_URL}${encodeURIComponent(
33+
// We intentionally don't pass a redirect_uri: the backend derives it from
34+
// this request's Origin header, which resolves correctly across deployments
35+
// (maproulette.org, beta.maproulette.org, 127.0.0.1). For that to work this
36+
// must stay a `fetch` (not a top-level navigation) AND target the API host
37+
// rather than a same-origin relative path — browsers omit the Origin header
38+
// on same-origin GET fetches, so either would drop it.
39+
const loginUrl = `${window.env.REACT_APP_MAP_ROULETTE_SERVER_URL}/auth/authenticate?redirect=${encodeURIComponent(
3540
this.props.history?.location?.pathname + this.props.history?.location?.search,
36-
)}&redirect_uri=${encodeURIComponent(frontendOrigin)}`;
41+
)}`;
3742

3843
fetch(loginUrl)
3944
.then(async (result) => {
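
Review bot: on new line 39, nothing guards against window.env.REACT_APP_MAP_ROULETTE_SERVER_URL being unset. The template then yields `undefined/auth/authenticate?...`, which fetch resolves as a same-origin relative path, the exact case the comment says drops the Origin header. The removed code had a `|| window.location.origin` fallback for its value; here, failing fast when the variable is missing or is not an absolute URL would be safer than sending the request. Separately, the unchanged line 40 concatenates two optional-chained values, so a missing history sends the string "undefinedundefined" as the redirect path.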

src/services/User/User.js

Lines changed: 4 additions & 2 deletions
@@ -316,8 +316,10 @@ export const fetchBasicUser = function (userId) {
316316
* @param authCode - the token
317317
*/
318318
export const callback = async (authCode, dispatch, push) => {
319-
const frontendOrigin = window.env.REACT_APP_URL || window.location.origin;
320-
const resetURI = `${window.env.REACT_APP_MAP_ROULETTE_SERVER_URL}/auth/callback?code=${authCode}&redirect_uri=${encodeURIComponent(frontendOrigin)}`;
319+
// No redirect_uri: the backend derives it from this fetch's Origin header,
320+
// matching the value used when starting the sign-in flow. Keep this a `fetch`
321+
// (not a navigation) so the Origin header is sent.
322+
const resetURI = `${window.env.REACT_APP_MAP_ROULETTE_SERVER_URL}/auth/callback?code=${authCode}`;
321323

322324
// Since we're bypassing Endpoint and manually performing an update, we
323325
// need to also manually reset the request cache.
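
Review bot: new line 322 interpolates authCode into the query string without encodeURIComponent, while the redirect parameter in SignInButton.jsx is encoded. A code containing `&`, `#` or `+` would be truncated or altered before the back-end sees it; suggest `?code=${encodeURIComponent(authCode)}`. The comment's assumption that the Origin matches the one sent when sign-in started holds only if both fetches are issued from the same front-end origin, which is worth stating in the comment.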
