[CORL-822] Safari Fix (#2760)

* fix: forced version * fix: removed cookie code * chore: version bump
2026-06-27 20:23:30 +08:00 · 2019-12-19 19:15:00 +00:00
parent 637605a002
commit 64800ffaee
3 changed files with 3 additions and 30 deletions
@@ -7,7 +7,6 @@ import { createReduxEmitter } from './events';
 import { createRestClient } from './rest';
 import thunk from 'redux-thunk';
 import { loadTranslations } from './i18n';
-import bowser from 'bowser';
 import noop from 'lodash/noop';
 import { BASE_PATH } from 'coral-framework/constants/url';
 import { createPluginsService } from './plugins';
@@ -65,12 +64,7 @@ const getAuthToken = (store, storage) => {
    }

    return token;
-  } else if (
-    !bowser.safari &&
-    !bowser.ios &&
-    storage &&
-    storage.getItem('token')
-  ) {
+  } else if (storage && storage.getItem('token')) {
    // Use local storage auth tokens where there's a stable api.
    return storage.getItem('token');
  }
@@ -1,6 +1,6 @@
 {
  "name": "talk",
-  "version": "4.11.3",
+  "version": "4.11.4",
  "description": "A better commenting experience from Vox Media.",
  "main": "app.js",
  "private": true,
@@ -251,6 +251,6 @@
    "yaml-lint": "^1.0.0"
  },
  "engines": {
-    "node": ">=8"
+    "node": "~8"
  }
 }
@@ -14,8 +14,6 @@ const {
 } = require('../errors');
 const uuid = require('uuid');
 const debug = require('debug')('talk:services:passport');
-const bowser = require('bowser');
-const ms = require('ms');
 const _ = require('lodash');
 const { attachStaticLocals } = require('../middleware/staticTemplate');
 const { encodeJSONForHTML } = require('./response');
@@ -57,21 +55,6 @@ const GenerateToken = user => {
  });
 };

-// SetTokenForSafari sends the token in a cookie for Safari clients.
-const SetTokenForSafari = (req, res, token) => {
-  const browser = bowser._detect(req.headers['user-agent']);
-  if (browser.ios || browser.safari) {
-    debug('browser was safari/ios, setting a cookie');
-    res.cookie(JWT_SIGNING_COOKIE_NAME, token, {
-      httpOnly: true,
-      secure: process.env.NODE_ENV === 'production',
-      expires: new Date(Date.now() + ms(JWT_EXPIRY)),
-    });
-  } else {
-    debug("browser wasn't safari/ios, didn't set a cookie");
-  }
-};
-
 // HandleGenerateCredentials validates that an authentication scheme did indeed
 // return a user, if it did, then sign and return the user and token to be used
 // by the frontend to display and update the UI.
@@ -87,8 +70,6 @@ const HandleGenerateCredentials = (req, res, next) => (err, user) => {
  // Generate the token to re-issue to the frontend.
  const token = GenerateToken(user);

-  SetTokenForSafari(req, res, token);
-
  // Set the cache control headers.
  res.header('Cache-Control', 'private, no-cache, no-store, must-revalidate');
  res.header('Expires', '-1');
@@ -139,8 +120,6 @@ const HandleAuthPopupCallback = (req, res, next) => (err, user) => {
  // Generate the token to re-issue to the frontend.
  const token = GenerateToken(user);

-  SetTokenForSafari(req, res, token);
-
  // We logged in the user! Let's send back the user data.
  res.render('auth-callback.njk', {
    auth: { err: null, data: { user, token } },