Skip to content

chore: show warning on sign in page when sessionCookieSecret is missing#938

Merged
stevenle merged 2 commits intomainfrom
codex/add-warning-box-for-session-secret
Feb 26, 2026
Merged

chore: show warning on sign in page when sessionCookieSecret is missing#938
stevenle merged 2 commits intomainfrom
codex/add-warning-box-for-session-secret

Conversation

@stevenle
Copy link
Member

@stevenle stevenle commented Feb 26, 2026

Motivation

  • Provide a clear developer-facing warning on the CMS sign-in page when server.sessionCookieSecret is not configured in development to reduce accidental insecure setups.

Description

  • Add a warning field to the server-side rendering context in renderSignIn that is set when process.env.NODE_ENV === 'development' and options.rootConfig.server?.sessionCookieSecret is missing.
  • Inject the warning into the client context window.__ROOT_CTX so the sign-in frontend can access it.
  • Update the sign-in frontend to declare the warning in the global type, read window.__ROOT_CTX.warning, and render a .signin__warning banner when present.
  • Add styles for .signin__warning in packages/root-cms/signin/styles/signin.css to visually highlight the warning.

Testing

  • No automated tests were added or run for this change.

Codex Task

@stevenle stevenle changed the title Show dev warning on Sign In when server.sessionCookieSecret is missing chore: show warning on sign in page when sessionCookieSecret is missing Feb 26, 2026
@stevenle stevenle requested a review from jeremydw February 26, 2026 04:19
@stevenle
Copy link
Member Author

stevenle commented Feb 26, 2026

on dev, an explicit warning is displayed:

Screenshot 2026-02-25 at 8 18 44 PM

on prod, a generic warning instead with suggestion to check logs:

Screenshot 2026-02-25 at 8 19 06 PM :

@jeremydw
Copy link
Member

jeremydw commented Feb 26, 2026

LGTM

@stevenle stevenle merged commit e2b4568 into main Feb 26, 2026
1 check passed
@stevenle stevenle deleted the codex/add-warning-box-for-session-secret branch February 26, 2026 15:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeremydw jeremydw Awaiting requested review from jeremydw

Assignees

@jeremydw jeremydw

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stevenle @jeremydw