follow returnTo when hitting /login while already logged in#221
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
| decoded = decodeURIComponent(path) | ||
| } catch { | ||
| return '/' | ||
| } |
There was a problem hiding this comment.
This was just hardening against an edge case failure mode, classic GPT-5.5. Seems fine: low cost, covered in new unit test.
| export { auth, handleAuthenticationCallback } | ||
|
|
||
| const RFD_PATH = /^\/rfd\/[0-9]{1,4}\??.*$/ | ||
| const RFD_PATH = /^\/rfd\/[0-9]{1,4}(?:\/discussion)?(?:\?.*)?$/ |
There was a problem hiding this comment.
the previous regex was effectively /^\/rfd\/[0-9]{1,4}/ (\??.* simplifies to .*, .*$ in practice simplifies to nothing at all), so now this regex DOES explicitly match for RFD paths and not just "things that start with an RFD path". good fix
but: why does /discussion make the cut here, and not pdf, raw, etc? i could make an argument to tolerate any sub-path at all, honestly (as long as you see a slash after the rfd digits, it "looks right enough" within this context). would help to have some elaboration in the tests (or a commit message) of why discussion gets the special case, and perhaps to move the /raw example in the tests to the 'rejects non-RFD paths' test, since it's not really malformed. if we really do want to reject all other rfd sub-paths, that is
There was a problem hiding this comment.
I saw this go by as a robot choice but didn't really think about why. Turns out it had a decent reason. /discussion gets included is because it's the only subpath the app currently constructs as a returnTo.
rfd-site/app/routes/rfd.$slug.discussion.tsx
Lines 25 to 28 in e05dd46
/raw defines a returnTo, but it goes to the RFD page, not /raw:
rfd-site/app/routes/rfd.$slug.raw.tsx
Lines 36 to 38 in e05dd46
and /pdf just 404s if you hit it while logged out on a private RFD.
rfd-site/app/routes/rfd.$slug.pdf.tsx
Lines 19 to 22 in e05dd46
This status quo doesn't really make sense — /raw and /pdf should also construct returnTo using their actual paths. So I fixed that in 8b7f1a5 and loosened the regex to allow any subpath.
|
Confirmed it works in prod. |
I tried to go to RFD 704 in a browser where I was logged out (I use Chrome for Google Meet and nothing else). I landed on
https://rfd.shared.oxide.computer/login?returnTo=/rfd/0704. I copied and pasted that URL into the browser I normally use because that's where I want to read it. I got taken to/instead of RFD 704. Turns out this is because we ignorereturnTo. So in this change we stop doing that.