For issues in production, please check for a solution to common issues in the Azure portal before opening a bug. In the Azure portal, navigate to your function app, select Diagnose and solve problems from the left, and view relevant dashboards before opening your issue.

Securing an azure function (V3) using Microsoft authentication provider and using to authenticate. The login popup places a 3rd party cookie on the azure function domain and uses that for authentication, and also returns an accessToken.

When 3rd party cookies are blocked - the access token that is passed via a header: Isn't working, and the request returns 401 Unauthorized. We need to be able to pass authentication using headers, not only 3rd party cookies.

Function name(s) (as appropriate): /api/posts.

Provide the steps required to reproduce the problem:

Run the MSAL authentication using A cookie is placed on the target domain, and accessToken returned.
Try the same steps using Google Chrome incognito mode, which blocks 3rd party cookies by default.
Run the 2 steps above to get everything working.
Manually delete the cookie "AppServiceAuthSession".
Make the request again with the accessToken received, sending it in the header.

This will now end up in a worse situation, since msal thinks it still has a valid token, doesn't know that the cookie was deleted on the target domain, and will not even attempt to prompt the user for login again.

Provide a description of the expected behavior.

The header is ignored, and only the 3rd party cookie "AppServiceAuthSession" is being used.

This header has been captured from the app running without the Azure wsgi middleware.

    Set-Cookie: messages="" expires=Thu, 00:00:00 GMT HttpOnly Max-Age=0 Path=/ SameSite=Lax
    Set-Cookie: csrftoken=L6coOZOclDhAg2X7geBKbhvJSHPxz9AbgOkoVqNAIsgVe8oxTEPTSPbc2VPSyjwq expires=Sun, 09:00:59 GMT Max-Age=31449600 Path=/ SameSite=Lax

Two Set-Cookie headers are returned (as depicted above)

Run with

    import azure.functions as func

    # `application` is the app's WSGI application object, defined elsewhere.
    def main(req: func.HttpRequest, context: func.Context) -> func.HttpResponse:
        # Pass the request through the Azure WSGI middleware.
        http_response = func.WsgiMiddleware(application).handle(req, context)
        return http_response

This behaviour has been reproduced both locally (while debugging) and on an Azure Function container (icarus-int)

Root cause

Azure\functions_http.py

    class HttpResponseHeaders(BaseHeaders, ):
        def __setitem__(self, key: str, value: str):

"Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field. The usual mechanism for folding HTTP headers fields (i.e., as defined in ) might change the semantics of the Set-Cookie header field because the %x2C (",") character is used by Set-Cookie in a way that conflicts with such folding."

"Servers SHOULD NOT include more than one Set-Cookie header field in the same response with the same cookie-name."

This means that multiple Set-Cookie headers with different cookie-names are allowed.