Skip to content

Only set secret key or client ID when not using auth token #6994

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 10, 2025
Merged

Only set secret key or client ID when not using auth token #6994

merged 1 commit into from
May 10, 2025
+8 −7

Conversation

@jnsdls
Copy link
Member

@jnsdls jnsdls commented May 9, 2025
edited by pr-codex bot
Loading

This PR modifies the header setting logic in getClientFetch to ensure that secret keys and client IDs are only set when not using an auth token. This prevents potential conflicts between different authentication methods by making the header setting logic mutually exclusive.

PR-Codex overview

This PR modifies the logic for setting HTTP headers in the fetch.ts file. It ensures that the x-secret-key and x-client-id headers are only set when an authentication token is not being used, improving the conditional handling of these headers.

Detailed summary

  • Changed the logic for setting x-secret-key to only occur if an authentication token is not used.
  • Adjusted the placement of the if (clientId) condition to maintain clarity in header setting.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

@vercel
Copy link

vercel bot commented May 9, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
docs-v2 ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 10, 2025 3:02am
login ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 10, 2025 3:02am
thirdweb_playground ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 10, 2025 3:02am
thirdweb-www ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 10, 2025 3:02am
wallet-ui ✅ Ready (Inspect) Visit Preview 💬 Add feedback May 10, 2025 3:02am

@changeset-bot
Copy link

changeset-bot bot commented May 9, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: e739de1

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions github-actions bot added packages SDK Involves changes to the thirdweb SDK labels May 9, 2025
@jnsdls Graphite App
Copy link
Member Author

jnsdls commented May 9, 2025

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

  • merge-queue - adds this PR to the back of the merge queue
  • hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@jnsdls jnsdls marked this pull request as ready for review May 9, 2025 21:40
@jnsdls jnsdls requested review from a team as code owners May 9, 2025 21:40
@github-actions
Copy link
Contributor

github-actions bot commented May 9, 2025
edited
Loading

size-limit report 📦

Path Size Loading time (3g) Running time (snapdragon) Total time
thirdweb (esm) 54.21 KB (+0.06% 🔺) 1.1 s (+0.06% 🔺) 196 ms (+190.17% 🔺) 1.3 s
thirdweb (cjs) 193.92 KB (+0.02% 🔺) 3.9 s (+0.02% 🔺) 345 ms (+30.25% 🔺) 4.3 s
thirdweb (minimal + tree-shaking) 5.68 KB (-0.06% 🔽) 114 ms (-0.06% 🔽) 88 ms (+1314.72% 🔺) 202 ms
thirdweb/chains (tree-shaking) 524 B (0%) 11 ms (0%) 27 ms (+652.99% 🔺) 38 ms
thirdweb/react (minimal + tree-shaking) 19.55 KB (+0.21% 🔺) 391 ms (+0.21% 🔺) 67 ms (+521.17% 🔺) 458 ms

@codecov
Copy link

codecov bot commented May 9, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 54.59%. Comparing base (451594c) to head (e739de1).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6994      +/-   ##
==========================================
- Coverage   54.60%   54.59%   -0.01%     
==========================================
  Files         903      903              
  Lines       57934    57935       +1     
  Branches     3968     3970       +2     
==========================================
- Hits        31636    31632       -4     
- Misses      26198    26202       +4     
- Partials      100      101       +1
Flag Coverage Δ
packages 54.59% <100.00%> (-0.01%) ⬇️
Files with missing lines Coverage Δ
packages/thirdweb/src/utils/fetch.ts 82.60% <100.00%> (+0.09%) ⬆️

... and 3 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@graphite-app
Copy link
Contributor

graphite-app bot commented May 9, 2025
edited
Loading

Merge activity

graphite-app bot pushed a commit that referenced this pull request May 9, 2025
@jnsdls
Only set secret key or client ID when not using auth token (#6994)
e8b2580 
This PR modifies the header setting logic in `getClientFetch` to ensure that secret keys and client IDs are only set when not using an auth token. This prevents potential conflicts between different authentication methods by making the header setting logic mutually exclusive.
@graphite-app graphite-app bot force-pushed the Only_set_secret_key_or_client_ID_when_not_using_auth_token branch from b1e96c0 to e8b2580 Compare May 9, 2025 21:49
joaquim-verges
joaquim-verges reviewed May 9, 2025
View reviewed changes
@jnsdls
Only set secret key or client ID when not using auth token (#6994)
e739de1 
This PR modifies the header setting logic in `getClientFetch` to ensure that secret keys and client IDs are only set when not using an auth token. This prevents potential conflicts between different authentication methods by making the header setting logic mutually exclusive.

<!-- start pr-codex -->

---

## PR-Codex overview
This PR modifies the logic in the `fetch.ts` file to ensure that the `x-secret-key` and `x-client-id` headers are only set when not using the authentication token, enhancing security and clarity in header management.

### Detailed summary
- Added an `else` clause to only set `x-secret-key` if not using the auth token.
- Rearranged the condition for setting `x-client-id` to follow the new logic.

> ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`

<!-- end pr-codex -->
@graphite-app graphite-app bot force-pushed the Only_set_secret_key_or_client_ID_when_not_using_auth_token branch from 05fd329 to e739de1 Compare May 10, 2025 02:54
@graphite-app graphite-app bot merged commit e739de1 into main May 10, 2025
23 checks passed
@graphite-app graphite-app bot deleted the Only_set_secret_key_or_client_ID_when_not_using_auth_token branch May 10, 2025 03:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@graphite-app graphite-app[bot] graphite-app[bot] left review comments

@joaquim-verges joaquim-verges joaquim-verges approved these changes

@MananTank MananTank MananTank approved these changes

Assignees

@jnsdls jnsdls

Labels

packages SDK Involves changes to the thirdweb SDK

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jnsdls @joaquim-verges @MananTank