Protect against some previewing errors I noticed this morning#1333
Protect against some previewing errors I noticed this morning#1333KevinDCarlson wants to merge 1 commit into
Conversation
| headers, | ||
| }; | ||
| try { | ||
| const token = await withTimeout(currentUser.getIdToken(), 5000); |
There was a problem hiding this comment.
this can sometimes hang forever if there's a stale session in the browser and your current domain isn't Firebase-authorized, i.e. if you're futzing around a lot in Netlify previews.
There was a problem hiding this comment.
What do you mean by "futzing around"? You tried to login via Google/Github on the preview?
There was a problem hiding this comment.
No, I don't think you have to have tried to log in to make this break, it's something about the mere request for a firebase token that then gets turned down. I wouldn't be able to fully diagnose it myself but I could send you some robot's description if you like.
There was a problem hiding this comment.
Here is what the robot says:
Symptom: On the sirius Netlify branch preview (branch-sirius--catcolab.netlify.app, built in staging → backend-next + Firebase project catcolab-next), any backend call hung forever — "creating…" spinner never resolved, import silently reset, zero RPC requests in the Network tab, nothing logged. Incognito worked fine.
Root cause: The frontend attaches auth per-request in createFetchWithAuth (packages/frontend/src/api/rpc.ts):
if (currentUser) {
const token = await currentUser.getIdToken(); // <-- stalls, never settles
headers.set("Authorization", `Bearer ${token}`);
}
return await fetch(...); // never reached
currentUser.getIdToken() never resolved, so the fetch was never dispatched. It stalls because the preview origin isn't in catcolab-next's Authorized domains, and Firebase's token-refresh path coordinates through the cross-origin gapi iframe hosted at the authDomain — on an unauthorized origin that handshake never posts back (it doesn't error, it just hangs).
There was a problem hiding this comment.
Actually, we're confused about how currentUser could ever have gotten to be non-null on a non-Firebase-whitelisted domain, and the forensics trail is cold. But the incognito check seems to prove that's what somehow happened. Might be some deeper mystery in here, but cutting off these infinite hangs does at least fix the symptom. Or, if this is ever observed again, whitelisting that preview on Firebase also fixes it. Sorry I can't actually explain how it happened.
|
Thanks Kevin! @kasbah, can you please review whether this is the right approach to solve this? |
The problem this was responsive to is that it was possible to get a Netlify preview up that was totally incapable of opening a model, if you have a stale session from the same host, due to some interactions with Firebase attempting to do some auth that it can't do on a non-whitelisted host. It's a bit hard to repro the bug situation itself because it happens entirely client-side, but the changes here are pretty chill. The time-outs should never happen on the happy path.