From 6faef99b9023d424f1796555ec267c7aff5de2b4 Mon Sep 17 00:00:00 2001
From: AaronPlave
Date: Fri, 20 Feb 2026 08:23:01 -0800
Subject: [PATCH 1/4] Include credentials when making a request to action server secrets. Add new backend env vars to docker-compose.
---
 docker-compose-test.yml | 2 ++
 src/utilities/requests.ts | 1 +
 2 files changed, 3 insertions(+)
diff --git a/docker-compose-test.yml b/docker-compose-test.yml
index f15ac674fe..22419f792a 100644
--- a/docker-compose-test.yml
+++ b/docker-compose-test.yml
@@ -15,6 +15,8 @@ services:
 PORT: 27186
 AERIE_DB_HOST: postgres
 AERIE_DB_PORT: 5432
+ ACTION_COOKIE_NAMES: '${ACTION_COOKIE_NAMES}'
+ ACTION_CORS_ALLOWED_ORIGIN: '${ACTION_CORS_ALLOWED_ORIGIN}'
 ACTION_DB_USER: '${SEQUENCING_USERNAME}'
 ACTION_DB_PASSWORD: '${SEQUENCING_PASSWORD}'
 ACTION_LOCAL_STORE: /usr/src/app/action_file_store
diff --git a/src/utilities/requests.ts b/src/utilities/requests.ts
index 5bc574287a..62de515d8b 100644
--- a/src/utilities/requests.ts
+++ b/src/utilities/requests.ts
@@ -64,6 +64,7 @@ export async function reqActionServer(
 };
 const options: RequestInit = {
+ credentials: 'include',
 headers,
 method,
 signal,
From bb93381cab611be8885d56443286d386dca1c8b0 Mon Sep 17 00:00:00 2001
From: AaronPlave
Date: Mon, 23 Feb 2026 12:32:32 -0800
Subject: [PATCH 2/4] Update test.yml env vars
---
 .github/workflows/test.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 57b3715387..697b08f3b3 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -22,6 +22,8 @@ on:
 required: false
 env:
+ ACTION_COOKIE_NAMES: '${{secrets.ACTION_COOKIE_NAMES}}'
+ ACTION_CORS_ALLOWED_ORIGIN: '${{secrets.ACTION_CORS_ALLOWED_ORIGIN}}'
 AERIE_PASSWORD: '${{secrets.AERIE_PASSWORD}}'
 AERIE_USERNAME: '${{secrets.AERIE_USERNAME}}'
 HASURA_GRAPHQL_ADMIN_SECRET: '${{secrets.HASURA_GRAPHQL_ADMIN_SECRET}}'
From 5590714ef37856dc6689d1220573cb2540c8eb30 Mon Sep 17 00:00:00 2001
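Review bot: In the docker-compose-test.yml hunk, `ACTION_CORS_ALLOWED_ORIGIN: '${ACTION_CORS_ALLOWED_ORIGIN}'` and `ACTION_COOKIE_NAMES: '${ACTION_COOKIE_NAMES}'` are passed through with no default, so a host that does not set them hands the action server empty strings; how the server treats an empty allowed origin is not visible here and should be confirmed to fail closed. Because the UI request in this same patch sends cookies, the origin has to be the UI's exact origin rather than a wildcard, and the cookie list should name only the cookies actions actually need. I would add a comment above the two lines, `# Exact UI origin allowed to send credentialed requests; list only the cookies actions need`, and consider `'${ACTION_CORS_ALLOWED_ORIGIN:?set the UI origin}'` so a missing value is caught at startup. The same pass-through appears in the .github/workflows/test.yml hunk of patch 2/4, where unset secrets would presumably also resolve to empty strings.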
From: AaronPlave
Date: Tue, 24 Feb 2026 13:47:40 -0800
Subject: [PATCH 3/4] Add PUBLIC_ACTION_INCLUDE_CREDENTIALS env var
---
 .env | 1 +
 docs/ENVIRONMENT.md | 1 +
 src/utilities/requests.ts | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/.env b/.env
index 04a0310d75..a07261c762 100644
--- a/.env
+++ b/.env
@@ -7,6 +7,7 @@ PUBLIC_HASURA_CLIENT_URL=http://localhost:8080/v1/graphql
 PUBLIC_HASURA_SERVER_URL=http://localhost:8080/v1/graphql
 PUBLIC_HASURA_WEB_SOCKET_URL=ws://localhost:8080/v1/graphql
 PUBLIC_WORKSPACE_CLIENT_URL=http://localhost:28000
+PUBLIC_ACTION_INCLUDE_CREDENTIALS=false
 PUBLIC_AUTH_SSO_ENABLED=false
 PUBLIC_TIME_PLUGIN_ENABLED=false
 PUBLIC_LIBRARY_SEQUENCES_ENABLED=false
diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index 8f55e796fd..ef2662e8a5 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -11,6 +11,7 @@ This document provides detailed information about environment variables for Aeri
 | `PUBLIC_GATEWAY_CLIENT_URL` | Url of the Gateway as called from the client (i.e. web browser) | `string` | http://localhost:9000 |
 | `PUBLIC_GATEWAY_SERVER_URL` | Url of the Gateway as called from the server (i.e. Node.js container) | `string` | http://localhost:9000 |
 | `PUBLIC_ACTION_CLIENT_URL` | Url of the Action Server as called from the client (i.e. web browser) | `string` | http://localhost:27186 |
+| `PUBLIC_ACTION_INCLUDE_CREDENTIALS`| Whether to include browser credentials (cookies) in requests to the Action Server. Required for cookie forwarding to actions. | `string` | false |
 | `PUBLIC_HASURA_CLIENT_URL` | Url of Hasura as called from the client (i.e. web browser) | `string` | http://localhost:8080/v1/graphql |
 | `PUBLIC_HASURA_SERVER_URL` | Url of Hasura as called from the server (i.e. Node.js container) | `string` | http://localhost:8080/v1/graphql |
 | `PUBLIC_WORKSPACE_CLIENT_URL` | Url of the Workspace Service as called from the client (i.e. web browser) | `string` | http://localhost:28000 |
diff --git a/src/utilities/requests.ts b/src/utilities/requests.ts
index 62de515d8b..d76bee6487 100644
--- a/src/utilities/requests.ts
+++ b/src/utilities/requests.ts
@@ -64,7 +64,7 @@ export async function reqActionServer(
 };
 const options: RequestInit = {
- credentials: 'include',
+ credentials: env.PUBLIC_ACTION_INCLUDE_CREDENTIALS === 'true' ? 'include' : 'omit',
 headers,
 method,
 signal,
From 2862137ab9dcec7750b9b1499fcc581d164b545e Mon Sep 17 00:00:00 2001
From: dandelany
Date: Tue, 24 Feb 2026 17:25:47 -0800
Subject: [PATCH 4/4] linting
---
 docs/ENVIRONMENT.md | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index ef2662e8a5..4e8f7d29ba 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
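Review bot: The fallback in `credentials: env.PUBLIC_ACTION_INCLUDE_CREDENTIALS === 'true' ? 'include' : 'omit'` is `'omit'`, which is stricter than the fetch default of `'same-origin'` that, as far as the context lines of patch 1/4 show, applied before this series set the option; a deployment that serves the action server on the UI's own origin would stop sending cookies unless the flag is turned on. If that is intended, say so in a comment; otherwise use `: 'same-origin'` to keep the earlier behaviour. When the flag is on, the browser attaches its cookies to requests made through this helper, presumably to `PUBLIC_ACTION_CLIENT_URL`, so I would add `// 'include' sends browser cookies cross-origin to the action server; enable only when its CORS allow-list names this UI's exact origin` above the line. reqActionServer starts and ends outside the hunk, so whether `headers` already carries a token is not visible.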
@@ -2,19 +2,19 @@ This document provides detailed information about environment variables for Aerie UI. -| Name | Description | Type | Default | -| ---------------------------------- | ------------------------------------------------------------------------------------------------------------- | -------- | -------------------------------- | -| `ORIGIN` | Url of where the UI is served from. See the [Svelte Kit Adapter Node docs][svelte-kit-adapter-node-docs]. | `string` | http://localhost | -| `PUBLIC_AERIE_FILE_STORE_PREFIX` | Prefix to prepend to files uploaded through simulation configuration. | `string` | /usr/src/app/merlin_file_store/ | -| `PUBLIC_AUTH_SSO_ENABLED` | Whether to use the SSO-based auth flow, or the /login page auth flow | `string` | false | -| `PUBLIC_COMMAND_EXPANSION_MODE` | Sets the mode to be used for command expansion, typescript or templating | `string` | typescript | -| `PUBLIC_GATEWAY_CLIENT_URL` | Url of the Gateway as called from the client (i.e. web browser) | `string` | http://localhost:9000 | -| `PUBLIC_GATEWAY_SERVER_URL` | Url of the Gateway as called from the server (i.e. Node.js container) | `string` | http://localhost:9000 | -| `PUBLIC_ACTION_CLIENT_URL` | Url of the Action Server as called from the client (i.e. web browser) | `string` | http://localhost:27186 | -| `PUBLIC_ACTION_INCLUDE_CREDENTIALS`| Whether to include browser credentials (cookies) in requests to the Action Server. Required for cookie forwarding to actions. | `string` | false | -| `PUBLIC_HASURA_CLIENT_URL` | Url of Hasura as called from the client (i.e. web browser) | `string` | http://localhost:8080/v1/graphql | -| `PUBLIC_HASURA_SERVER_URL` | Url of Hasura as called from the server (i.e. Node.js container) | `string` | http://localhost:8080/v1/graphql | -| `PUBLIC_WORKSPACE_CLIENT_URL` | Url of the Workspace Service as called from the client (i.e. 
web browser) | `string` | http://localhost:28000 | -| `PUBLIC_HASURA_WEB_SOCKET_URL` | Url of Hasura called to establish a web-socket connection from the client | `string` | ws://localhost:8080/v1/grap | -| `PUBLIC_LIBRARY_SEQUENCES_ENABLED` | Whether to enable automatic loading of library sequences in all workspace sequence files | `string` | false | -| `PUBLIC_TIME_PLUGIN_ENABLED` | Whether the client should load a user-supplied `time-plugin.js` plugin from the `static/resources` directory. | `string` | false | +| Name | Description | Type | Default | +| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------- | -------------------------------- | +| `ORIGIN` | Url of where the UI is served from. See the [Svelte Kit Adapter Node docs][svelte-kit-adapter-node-docs]. | `string` | http://localhost | +| `PUBLIC_AERIE_FILE_STORE_PREFIX` | Prefix to prepend to files uploaded through simulation configuration. | `string` | /usr/src/app/merlin_file_store/ | +| `PUBLIC_AUTH_SSO_ENABLED` | Whether to use the SSO-based auth flow, or the /login page auth flow | `string` | false | +| `PUBLIC_COMMAND_EXPANSION_MODE` | Sets the mode to be used for command expansion, typescript or templating | `string` | typescript | +| `PUBLIC_GATEWAY_CLIENT_URL` | Url of the Gateway as called from the client (i.e. web browser) | `string` | http://localhost:9000 | +| `PUBLIC_GATEWAY_SERVER_URL` | Url of the Gateway as called from the server (i.e. Node.js container) | `string` | http://localhost:9000 | +| `PUBLIC_ACTION_CLIENT_URL` | Url of the Action Server as called from the client (i.e. web browser) | `string` | http://localhost:27186 | +| `PUBLIC_ACTION_INCLUDE_CREDENTIALS` | Whether to include browser credentials (cookies) in requests to the Action Server. Required for cookie forwarding to actions. 
| `string` | false | +| `PUBLIC_HASURA_CLIENT_URL` | Url of Hasura as called from the client (i.e. web browser) | `string` | http://localhost:8080/v1/graphql | +| `PUBLIC_HASURA_SERVER_URL` | Url of Hasura as called from the server (i.e. Node.js container) | `string` | http://localhost:8080/v1/graphql | +| `PUBLIC_WORKSPACE_CLIENT_URL` | Url of the Workspace Service as called from the client (i.e. web browser) | `string` | http://localhost:28000 | +| `PUBLIC_HASURA_WEB_SOCKET_URL` | Url of Hasura called to establish a web-socket connection from the client | `string` | ws://localhost:8080/v1/grap | +| `PUBLIC_LIBRARY_SEQUENCES_ENABLED` | Whether to enable automatic loading of library sequences in all workspace sequence files | `string` | false | +| `PUBLIC_TIME_PLUGIN_ENABLED` | Whether the client should load a user-supplied `time-plugin.js` plugin from the `static/resources` directory. | `string` | false |