Description
A FIXME comment in the codebase indicates an unresolved issue with CORS handling when using public client mode without an access token.
Location
- File: src/browser_sdk/index.ts
- Line: ~244
- Method: fetch()
Issue Description
The FIXME comment states:
// FIXME: if we do not have a token but still are in public client mode,
// the userInfo request will fail because of CORS which tries to send
// cookies to the domain
This suggests that when OIDC is configured but no access token is available, the system falls back to cookie-based authentication, which can cause CORS issues in public client scenarios.
Context
This issue is in the fetch method where Bearer token authentication is handled. When no access token is available, the system should handle the authentication gracefully without causing CORS failures.
Expected Behavior
The system should properly handle authentication in public client mode even when no access token is available, without triggering CORS errors.
Additional Notes
- There's also a minor typo in the comment: 'hav' should be 'have'
References
Requested by: @wolfoo2931
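The failure mode described in this issue, as an added example that is not the SDK's own code: a request sent with cookies (`credentials: "include"`) fails the browser's CORS check unless the server echoes the exact origin and sets `Access-Control-Allow-Credentials: true`. One way to avoid the cookie fallback is sketched in `planRequest`; every name here (`AuthState`, `planRequest`, `corsCheckPasses`, the sample origin and headers) is hypothetical, and the wildcard CORS policy on the API side is an assumption.

```typescript
// Added example; all identifiers are hypothetical, not taken from the SDK.
type CredentialsMode = "omit" | "same-origin" | "include";

interface AuthState {
  publicClient: boolean; // OIDC public client mode is configured
  accessToken?: string;  // absent when the user has no (valid) token
}

interface RequestPlan {
  credentials: CredentialsMode;
  headers: Record<string, string>;
}

// Decide how one cross-origin API request is authenticated.
function planRequest(auth: AuthState): RequestPlan {
  if (auth.accessToken) {
    // Bearer auth needs no cookies, so never attach them.
    return { credentials: "omit", headers: { Authorization: `Bearer ${auth.accessToken}` } };
  }
  if (auth.publicClient) {
    // No token in public client mode: send an anonymous request instead of
    // falling back to cookies, and let the caller handle a 401.
    return { credentials: "omit", headers: {} };
  }
  // Cookie/session mode: the server must opt in to credentialed CORS.
  return { credentials: "include", headers: {} };
}

// The browser's CORS check on a cross-origin response (simplified from the
// Fetch standard). Header names are expected in lower case.
function corsCheckPasses(
  origin: string,
  mode: CredentialsMode,
  responseHeaders: Record<string, string>,
): boolean {
  const allowOrigin = responseHeaders["access-control-allow-origin"];
  if (allowOrigin === undefined) return false;
  if (mode !== "include") return allowOrigin === "*" || allowOrigin === origin;
  // Credentialed request: a wildcard is rejected and the opt-in is required.
  return allowOrigin === origin &&
    responseHeaders["access-control-allow-credentials"] === "true";
}

// Constructed sample: an API that answers with a wildcard CORS policy.
const SAMPLE_ORIGIN = "https://app.example";
const SAMPLE_WILDCARD_RESPONSE: Record<string, string> = { "access-control-allow-origin": "*" };
```

With the constructed wildcard response, the cookie fallback (`"include"`) is blocked by the browser while the anonymous plan passes the CORS check and surfaces the server's own status code to the caller.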