Manually calling APIs without adding the correct RID header can result in a 404 #202
Closed
5 tasks done
Assignees
Labels
bug
Something isn't working
Comments
This was referenced Nov 3, 2021
This was referenced Nov 11, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem
If a user calls one of our APIs manually and does not add the
ridheader, the API fails with a 404.Ideal outcome
The API should behave the same way it does when the SDK calls the API internally
Root Cause
In the frontend SDKs when a user calls an API with interception enabled and without adding the
ridheader, the request interceptor addsrid: "session"by default. For APIs that dont belong to the session recipe the middleware rejects the request path and a 404 can be thrown.Workarounds
Manually adding a valid
ridin the request headers resolves this issuePermanent fix (Possible solution)
The frontend SDKs should use a custom default
ridheader ("anti-csrf" for example) and the backend SDK should handle this header value the same way it handles requests having noridheader (i.e undefined). This will result in the middleware looping through all available recipes to route the API request correctlySDKs
The text was updated successfully, but these errors were encountered: