Make cookie store web-only #2110
Conversation
It is needed on the web where custom Response objects may not be assigned Set-Cookie headers. Otherwise, cookies from PHP requests would not be respected. But a cookie store isn't needed for Playground CLI, and applying the same cookies to all requests to a CLI-based server interferes with clients that want to use other WP auth schemes.
brandonpayton
added
[Type] Bug
|
So far, the biggest remaining challenge for this PR is maintaining the cookie store even if the service worker is terminated due to inactivity. Apparently, this can happen even if browser tabs from a service worker's scope remain open. From https://web.dev/learn/pwa/service-workers#lifespan:
I'm not sure how much this is a problem in practice, but I'd rather not find out by testing on users in production. The best thing I can think of at the moment is to use IndexedDB to maintain a cookie store, but if we do that, it would be good to have a way to clear cookies stored by a previous browser session before they can be used for the current session. |
|
There are some unit tests that fail because of this change: At least some of the failures could be expected because they implicitly depend on cookie management being provided by
|
|
I updated the failing unit tests to manage their own cookies. We also have e2e tests for login, so this should cover us. |
I think we can do the following:
One thing I'm not sure about:
|
|
It seemed right for the service worker to manage a synthetic cookie store since it is responsible for all request routing. But if we do that, we need to worry about when Playground scopes come and go and when the service worker is terminated and restarted. And it requires cookie stores to be persisted to withstand a service worker being terminated and resumed in the middle of the browser session. This is too much complexity. For now, let's just move cookie management into the web-specific remote worker. Each worker is limited to a single scope and should live for as long as its Playground lives. That is also how long we want each cookie store to live. So I plan to move cookie store management into that worker. |
|
We have both unit and e2e tests for login that should cover these changes. |
|
I confirmed that this patch fixes #1611 for Playground CLI. If I run the repro steps of that issue with Playground CLI, we get normal output from the REST API block types endpoint: @dcalhoun, once this PR is merged, we'll need to publish updated NPM packages. After that, |
@brandonpayton thank you for your work on this! That plan sounds good. I was unaware of plans to merge the CLIs, but it makes sense. |
Motivation for the change, related issues
A cookie store is needed on the web where custom Response objects may not be assigned
Set-Cookieheaders. Otherwise,Set-Cookieheaders received in PHP responses are effectively discarded. But a cookie store isn't needed for Playground CLI, and applying the same cookies to all requests to a CLI-based server interferes with clients that want to use other WP auth schemes.This PR gives the browser-based PHP worker the responsibility for maintaining a cookie store per Playground scope.
Fixes #1611
cc @dcalhoun
Implementation details
This PR makes the cookie store a browser-based PHP worker concern so it can manage which cookie store to apply to which requests.
Originally, I wanted to make the Service Worker responsible for the synthetic cookie store because it is responsible for all request routing and generally sits between the browser client and the PHP "server", but it turned out to be quite awkward because:
If the cookie store is kept with the PHP worker, then the cookies will naturally come and go as Playground sites are loaded and unloaded.
Testing Instructions (or ideally a Blueprint)