Skip to content

fix(compass-web): adjust sandbox code for cloud backend and electron changes COMPASS-9569 #7128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jul 21, 2025
+35 −31
Merged

fix(compass-web): adjust sandbox code for cloud backend and electron changes COMPASS-9569 #7128

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
dba30a4
fix(compass-web): adjust sandbox code to account for backend changes
gribnoysup Jul 21, 2025
aea3d36
chore(compass-web): utilise the set-cookie header when received in th…
gribnoysup Jul 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions configs/webpack-config-compass/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,9 @@ const sharedIgnoreWarnings: NonNullable<Configuration['ignoreWarnings']> = [
/the request of a dependency is an expression/,
// Optional, platform-specific dependencies (mostly from driver)
/Module not found.+?(mongo_crypt_v1.(dll|so|dylib)|@mongodb-js\/zstd|aws-crt|gcp-metadata)/,
// Optional, comes from emotion trying to (safely) use react apis that we
// don't have in React 17
/export 'useInsertionEffect'/,
Copy link
Collaborator Author

@gribnoysup gribnoysup Jul 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Drive-by, was really noisy in webpack logs and we know it's okay to ignore

];

const sharedResolveOptions = (
Expand Down
34 changes: 9 additions & 25 deletions packages/compass-web/scripts/electron-proxy.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,12 +118,15 @@
* @returns {Promise<string[]>}
*/
async #getCloudSessionCookies() {
const cloudHostCookies = await session.defaultSession.cookies.get({
domain: CLOUD_CONFIG_VARIANTS === 'local' ? 'localhost' : 'mongodb.com',
});
return cloudHostCookies.map((cookie) => {
return `${cookie.name}=${cookie.value}`;
});
const tld = CLOUD_CONFIG_VARIANTS === 'local' ? 'localhost' : 'mongodb.com';
const cloudHostCookies = (await session.defaultSession.cookies.get({}))
.filter((cookie) => {
return cookie.domain?.endsWith(tld) ?? true;
Copy link
Member

@Anemy Anemy Jul 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah TIL domain isn't always there https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#define_where_cookies_are_sent

Copy link
Collaborator Author

@gribnoysup gribnoysup Jul 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hah, yeah, I was mostly going off of types here, I think for proxy purposes it's easier to include the ones that don't have any value there just in case

})
.map((cookie) => {
return `${cookie.name}=${cookie.value}`;
});
return cloudHostCookies;
}

/**
Expand All @@ -135,18 +138,10 @@
}

async #fetch(path, init) {
let csrfHeaders;
if (
init?.method &&
/^(GET|HEAD|OPTIONS|TRACE)$/i.test(init.method) === false
) {
csrfHeaders = await this.#getCSRFHeaders();
}
return electronFetch(`${CLOUD_ORIGIN}${path}`, {
...init,
headers: {
...init?.headers,
...csrfHeaders,
},
}).then(handleRes);
}
Expand All @@ -159,17 +154,6 @@
return new URL(url, 'http://localhost').pathname.startsWith('/v2/');
}

async #getCSRFHeaders() {
Copy link
Collaborator Author

@gribnoysup gribnoysup Jul 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Drive-by, we moved this logic to the client some time ago and forgot to remove this

const projectId = await this.getProjectId();
const { csrfToken, csrfTime } = await this.#fetch(
`/v2/${projectId}/params`
);
return {
...(csrfToken && { 'X-CSRF-Token': csrfToken }),
...(csrfTime && { 'X-CSRF-Time': csrfTime }),
};
}

async getCloudHeaders(hostSubdomain = '') {
const cookie = (await this.#getCloudSessionCookies()).join('; ');
return {
Expand Down
Loading