cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon netlify

Role based redirects does not work as intended in dev mode

Open nekdolan opened this issue 3 years ago • 6 comments

Describe the bug

When you make a role based rewrite (not redirect) on dev mode or live dev mode the rewrite to the page returns 404. Works correctly on production. https://answers.netlify.com/t/role-based-redirects-does-not-work-as-intended-in-dev-mode/50667

To Reproduce

Steps to reproduce the behavior:

Make a configuration like the one you see below.

[[redirects]]
  from = "/*"
  to = "/pro/:splat"
  status = 200
  conditions = {Role = ["pro"]}

Put a test.html file in /pro . Login as user with role set to "pro" Try to access /pro/test.html at /test.html

Configuration

[build]
  publish = "dist"
  functions = "functions"
[dev]
  publish = "dist"
  functions = "functions"
[functions]
  node_bundler = "esbuild"
[[redirects]]
  from = "/pro/*"
  to = "/:splat"
  force = true
  status = 302
[[redirects]]
  from = "/free/*"
  to = "/:splat"
  force = true
  status = 302
[[redirects]]
  from = "/*"
  to = "/pro/:splat"
  status = 200
  conditions = {Role = ["pro"]}
[[redirects]]
  from = "/*"
  to = "/free/:splat"
  status = 200

System:
    OS: Linux 5.16 Fedora Linux 35 (Workstation Edition)
    CPU: (8) x64 Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
    Memory: 150.58 MB / 15.27 GB
    Container: Yes
    Shell: 5.1.8 - /bin/bash
  Binaries:
    Node: 16.6.2 - ~/.nvm/versions/node/v16.6.2/bin/node
    Yarn: 1.22.11 - ~/.nvm/versions/node/v16.6.2/bin/yarn
    npm: 7.20.3 - ~/.nvm/versions/node/v16.6.2/bin/npm
  npmGlobalPackages:
    netlify-cli: 8.13.2

Expected behavior

The browser should open test.html

nekdolan avatar Feb 17 '22 11:02 nekdolan

I'm also having this issue, with the more basic setup proposed in examples (although none of the docs show how to do this in toml, only in a redirects file). My config:

[[redirects]]
from = "/admin/*"
force = true
status = 200
conditions = {Role = ["admin"]}

[[redirects]]
from = "/admin/*"
to = "/login/"
force = true
status = 401

Seems to work in production, but when I run netlify dev locally, I get sent to login no matter what my logged-in/role status. For now, I just have to delete the redirects locally for development, and make sure I remember not to commit that change.

mirisuzanne avatar Apr 22 '22 21:04 mirisuzanne

@mirisuzanne @nekdolan Is the repository you were working on public? If yes, could you provide a link to it so I can reproduce this issue?

tinfoil-knight avatar Aug 16 '22 09:08 tinfoil-knight

The repo is public (https://github.com/mirisuzanne/grapefruitlab) but relies heavily on APIs with private access keys. Not sure if that will work for you or not.

mirisuzanne avatar Aug 16 '22 19:08 mirisuzanne

@tinfoil-knight sorry no, but it was easy to reproduce.

nekdolan avatar Aug 17 '22 19:08 nekdolan

Hey folks, I followed up internally & fixing this is going to take a while.

Suggested Workaround for now:

Create a function as described in https://www.netlify.com/blog/2019/01/31/restrict-access-to-your-sites-with-role-based-redirects/ so that http cookies are set properly which will make role based redirects functional on localhost too.

Note for Contributors: The Netlify Identity service (specifically the identity/token endpoint doesn’t respond with the set-cookie header for localhost (unexpected) but does so on production.

The cookie with nf_jwt is necessary for role based redirects to work.

tinfoil-knight avatar Aug 30 '22 19:08 tinfoil-knight