  1. Magnolia Personalization
  2. MGNLPN-621

p13n not working with external SPA


Details

    • Bug
    • Resolution: Workaround exists
    • Critical

    Description

      Problem

      On an external SPA on a different domain than Magnolia: in the page editor, when you use the variant selector on a component, it always flips back to "Original". This makes the feature hard to use because an author cannot see the content they are entering (with that selector)!

      Notes

      p13n with external SPA uses session cookies when fetching template annotations to return the correct selected variant.
      The fetch call is a CORS call, and CORS calls by default do not add credentials (e.g. cookies).
      It should be achievable with:

      • setting a flag in fetch `credentials: 'include'`
      • setting `supportsCredentials` in the CORS configuration
      • not using a wildcard in the allowed origins header

      It does work for localhost scenario:

      • magnolia on localhost:8080
      • spa on localhost:3000

      or according to this info it might work "for the same second-level domain".

      When the same code is run with two different domains/IPs

      • magnolia on 192.168.10.10:8080 or magnolia.pl
      • spa on 192.168.10.20:300 or spa.pl

      this is not working.

      It looks like browsers are pushing the CORS credentials more than we can find in the available literature.

      Browser behaviour affects us in that CORS requests between 2 different domains will not pass any credentials, regardless of the flags and CORS server settings.

      Proposed solution
      Move the info/state data to search query params added to the iframe preview.
      We already do this:
      `?mgnlPreview=false&mgnlChannel=desktop`

      We could extend it with:
      `?mgnlPreview=false&mgnlChannel=desktop&variants=all&JSESSIONID=5E2232677BE5408B79E90F0BAF591991`

      (I am sneaking in `variants=all` here as well.)

      Then front end code would have to only pass the query params coming from the initial request.
      It would also allow the template annotations to be fetched on the server side.

      If passing the session directly seems too bold, then we could also add component IDs (hashed to make the ID shorter) and their selected variants, e.g.
      `mgnlPreview=false&mgnlChannel=desktop&variants=all&B806B2FC=variant-0&C808B2BG=variant-1`
      allowing template annotations to return correct selected variants.
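
The localhost versus two-domain behaviour described in the Notes, as an added diagnostic that is not part of the original issue or Magnolia's code: it checks the three CORS conditions listed above and whether the two URLs are same-site. The `/annotations` path, the sample headers, and the session cookie's `SameSite` value (treated as `Lax` unless given) are assumptions.

```javascript
// Added diagnostic, not Magnolia code. Sample headers and URLs below are constructed.
// Simplification: a "site" is the scheme plus the last two host labels (no Public
// Suffix List lookup); IP addresses and single-label hosts such as localhost are
// their own site. Ports never count towards the site, only towards the origin.
function siteOf(url) {
  const { protocol, hostname } = new URL(url);
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname) || hostname.startsWith('[');
  const labels = hostname.split('.');
  return `${protocol}//${isIp || labels.length <= 2 ? hostname : labels.slice(-2).join('.')}`;
}

// cookieSameSite is an assumption supplied by the caller ('Lax', 'Strict' or 'None');
// the issue does not say how the session cookie is set.
function diagnoseCredentialedFetch({ spaUrl, apiUrl, credentials, responseHeaders, cookieSameSite = 'Lax' }) {
  const spaOrigin = new URL(spaUrl).origin;
  const headers = Object.fromEntries(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v]));
  const crossOrigin = spaOrigin !== new URL(apiUrl).origin;
  const crossSite = siteOf(spaUrl) !== siteOf(apiUrl);
  const problems = [];
  if (crossOrigin) {
    if (credentials !== 'include') problems.push("fetch lacks credentials: 'include'");
    const allowOrigin = headers['access-control-allow-origin'];
    if (allowOrigin === '*') problems.push('wildcard allowed origin with credentials');
    else if (allowOrigin !== spaOrigin) problems.push('allowed origin does not match SPA');
    if (headers['access-control-allow-credentials'] !== 'true') {
      problems.push('Access-Control-Allow-Credentials is not true');
    }
  }
  // Cross-site: the cookie is only attached when it is SameSite=None (and Secure),
  // and browsers that block third-party cookies withhold it even then.
  if (crossSite && cookieSameSite !== 'None') {
    problems.push('cross-site request: SameSite=' + cookieSameSite + ' cookie not sent');
  }
  return { crossOrigin, crossSite, problems };
}

const corsOk = (origin) => ({
  'Access-Control-Allow-Origin': origin,
  'Access-Control-Allow-Credentials': 'true',
});
const localhostCase = diagnoseCredentialedFetch({
  spaUrl: 'http://localhost:3000', apiUrl: 'http://localhost:8080/annotations',
  credentials: 'include', responseHeaders: corsOk('http://localhost:3000') });
const twoDomainCase = diagnoseCredentialedFetch({
  spaUrl: 'http://spa.pl', apiUrl: 'http://magnolia.pl/annotations',
  credentials: 'include', responseHeaders: corsOk('http://spa.pl') });
console.log(localhostCase.problems, twoDomainCase.problems);
```

With identical CORS settings, the localhost pair is cross-origin but same-site and reports no problems, while the two-domain pair is cross-site and reports the withheld cookie.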

            People

              rdhar Rishab Dhar
              bstaryga Bartosz Staryga
              DeveloperX