Skip to content

Manually calling APIs without adding the correct RID header can result in a 404 #202

New issue
New issue
Closed
Closed
Manually calling APIs without adding the correct RID header can result in a 404#202
Assignees
rishabhpoddar
Labels
bugSomething isn't working
@nkshah2

Description

@nkshah2
nkshah2
opened on Oct 29, 2021

Problem

If a user calls one of our APIs manually and does not add the rid header, the API fails with a 404.

Ideal outcome

The API should behave the same way it does when the SDK calls the API internally

Root Cause

In the frontend SDKs when a user calls an API with interception enabled and without adding the rid header, the request interceptor adds rid: "session" by default. For APIs that dont belong to the session recipe the middleware rejects the request path and a 404 can be thrown.

Workarounds

Manually adding a valid rid in the request headers resolves this issue

Permanent fix (Possible solution)

The frontend SDKs should use a custom default rid header ("anti-csrf" for example) and the backend SDK should handle this header value the same way it handles requests having no rid header (i.e undefined). This will result in the middleware looping through all available recipes to route the API request correctly

SDKs

  • website
  • react-native
  • nodejs
  • golang
  • python

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions