Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(editor): Prevent Safari users from accessing the frontend over insecure contexts #10510

Merged
merged 1 commit into from
Aug 22, 2024
Merged

fix(editor): Prevent Safari users from accessing the frontend over insecure contexts #10510

merged 1 commit into from
Aug 22, 2024

Conversation

netroy
Copy link
Member

@netroy netroy commented Aug 22, 2024

Summary

Safari currently does not allow using secure cookies on localhost. This prevents anyone running n8n locally without https from accessing the frontend since all they ever see is the login screen, despite trying to logging-in multiple times.
Since the application cannot function this way, this PR updates the secure-cookie frontend check to also include a check for safari now.

Related Linear tickets, Github issues, and Community forum posts

ADO-2400

Review / Merge checklist

  • PR title and summary are descriptive

@n8n-assistant n8n-assistant bot added n8n team Authored by the n8n team ui Enhancement in /editor-ui or /design-system labels Aug 22, 2024
MiloradFilipovic
MiloradFilipovic approved these changes Aug 22, 2024
View reviewed changes
Copy link
Contributor

@MiloradFilipovic MiloradFilipovic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, left a comment but good to go otherwise

packages/editor-ui/package.json
@@ -44,6 +44,7 @@
"@vueuse/components": "^10.11.0",
"@vueuse/core": "^10.11.0",
"axios": "catalog:",
"bowser": "2.11.0",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we implement this without adding additional dependency just to detect Safari?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. This is already a transitive dependency (check the lockfile changes)
  2. This adds about 5KB to the bundle before any tree-shaking

@cypress Cypress
Copy link

cypress bot commented Aug 22, 2024


Test summary

414 0 0 0Flakiness 1

Run details
Project n8n
Status Passed
Commit 321540b
Started Aug 22, 2024 12:08 PM
Ended Aug 22, 2024 12:12 PM
Duration 04:44 💡
OS Linux Debian -
Browser Electron 118

View run in Cypress Cloud ➡️

Flakiness

e2e/30-editor-after-route-changes.cy.ts Flakiness
1 Editor actions should work > after switching between Editor and Executions

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Cloud

@github-actions GitHub Actions
Copy link
Contributor

✅ All Cypress E2E specs passed

@netroy netroy merged commit a73b9a3 into master Aug 22, 2024
32 checks passed
@netroy netroy deleted the ADO-2400-safari-secure-cookie branch August 22, 2024 12:30
This was referenced Aug 28, 2024
Merged
Merged
@janober
Copy link
Member

janober commented Aug 28, 2024

Got released with [email protected]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MiloradFilipovic MiloradFilipovic MiloradFilipovic approved these changes

Assignees
No one assigned
Labels
n8n team Authored by the n8n team Released ui Enhancement in /editor-ui or /design-system
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@netroy @janober @MiloradFilipovic