@@ -22,7 +22,6 @@ REACT_APP_DEFAULT_LOCALE='en-US'
2222REACT_APP_MAP_ROULETTE_SERVER_URL = ' http://127.0.0.1:9000'
2323REACT_APP_MAP_ROULETTE_SERVER_WEBSOCKET_URL = ' ws://127.0.0.1:9000/ws'
2424REACT_APP_MAP_ROULETTE_SERVER_GRAPHQL_URL = ' http://127.0.0.1:9000/graphql'
25- REACT_APP_SERVER_OAUTH_URL = ' http://127.0.0.1:9000/auth/authenticate?redirect=/mr3'
2625
2726# OSM Server
2827REACT_APP_OSM_SERVER = ' https://www.openstreetmap.org'
@@ -36,7 +36,7 @@ Note that this will create the development build and not the 'production' build.
3636
3737 ```
3838 REACT_APP_URL='http://127.0.0.1:3000'
39- REACT_APP_SERVER_OAUTH_URL ='http://127.0.0.1:9000/auth/authenticate?redirect=http://127.0.0.1:3000 '
39+ REACT_APP_MAP_ROULETTE_SERVER_URL ='http://127.0.0.1:9000'
4040 ```
4141
42422 . Build the image using ` docker build --pull -t maproulette-ui . `
@@ -85,9 +85,11 @@ the container to see them reflected in the application.
8585
86866 . Edit your ` .env.local ` file in your front-end project and set:
8787 ```
88- REACT_APP_SERVER_OAUTH_URL ='http://127.0.0.1:9000/auth/authenticate?redirect=http://127.0.0.1:3000 '
88+ REACT_APP_MAP_ROULETTE_SERVER_URL ='http://127.0.0.1:9000'
8989 ```
9090 (assuming your back-end server is on port 9000 and front-end is on port 3000).
91+ The OAuth sign-in flow is served from this back-end URL; the redirect target is
92+ derived from the request's Origin header, so no separate OAuth URL is needed.
9193 Restart or startup your front-end server, and then navigate to the front-end
9294 at http://127.0.0.1:3000
9395
@@ -30,10 +30,15 @@ export class SignInButton extends Component {
3030
3131 this . setState ( { clicked : true } ) ;
3232
33- const frontendOrigin = window . env . REACT_APP_URL || window . location . origin ;
34- const loginUrl = `${ window . env . REACT_APP_SERVER_OAUTH_URL } ${ encodeURIComponent (
33+ // We intentionally don't pass a redirect_uri: the backend derives it from
34+ // this request's Origin header, which resolves correctly across deployments
35+ // (maproulette.org, beta.maproulette.org, 127.0.0.1). For that to work this
36+ // must stay a `fetch` (not a top-level navigation) AND target the API host
37+ // rather than a same-origin relative path — browsers omit the Origin header
38+ // on same-origin GET fetches, so either would drop it.
39+ const loginUrl = `${ window . env . REACT_APP_MAP_ROULETTE_SERVER_URL } /auth/authenticate?redirect=${ encodeURIComponent (
3540 this . props . history ?. location ?. pathname + this . props . history ?. location ?. search ,
36- ) } &redirect_uri= ${ encodeURIComponent ( frontendOrigin ) } `;
41+ ) } `;
3742
3843 fetch ( loginUrl )
3944 . then ( async ( result ) => {
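Review bot: The new comment above `loginUrl` should say what the backend does with the Origin header it now depends on, because nothing visible here shows that value being checked against the known front-end origins. A line such as `// The backend must match Origin against its allowlist of front-end origins before using it as the OAuth redirect target.` would make that dependency explicit for whoever maintains either side. Separately, if `window.env.REACT_APP_MAP_ROULETTE_SERVER_URL` is unset, the template yields a relative `undefined/auth/authenticate…` URL, which is the same-origin fetch the comment says drops the header. A check that the variable is set before calling `fetch` would surface that misconfiguration instead of silently degrading. The enclosing click handler starts and ends outside this hunk.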
@@ -316,8 +316,10 @@ export const fetchBasicUser = function (userId) {
316316 * @param authCode - the token
317317 */
318318export const callback = async ( authCode , dispatch , push ) => {
319- const frontendOrigin = window . env . REACT_APP_URL || window . location . origin ;
320- const resetURI = `${ window . env . REACT_APP_MAP_ROULETTE_SERVER_URL } /auth/callback?code=${ authCode } &redirect_uri=${ encodeURIComponent ( frontendOrigin ) } ` ;
319+ // No redirect_uri: the backend derives it from this fetch's Origin header,
320+ // matching the value used when starting the sign-in flow. Keep this a `fetch`
321+ // (not a navigation) so the Origin header is sent.
322+ const resetURI = `${ window . env . REACT_APP_MAP_ROULETTE_SERVER_URL } /auth/callback?code=${ authCode } ` ;
321323
322324 // Since we're bypassing Endpoint and manually performing an update, we
323325 // need to also manually reset the request cache.
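Review bot: `authCode` is interpolated into `resetURI` without encoding, whereas the sign-in URL in SignInButton passes its parameter through `encodeURIComponent`. The value presumably arrives from the OAuth redirect's query string, so a `&` or `#` in it would change the request sent to `/auth/callback`. I would write `code=${encodeURIComponent(authCode)}` on that line. The body of `callback` continues past the end of this hunk.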