Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove token from URL if identified as less privileged as a user token #8140

Open
MichaelBuessemeyer opened this issue Oct 22, 2024 · 0 comments

Comments

@MichaelBuessemeyer
Copy link
Contributor

When sending a backend request with an insufficient token taken from the annotation URL the frontend now retries to use the user's personal token instead. Upon successful request, the frontend now only remembers not to use the token from the URL again. But it would be better if the token would be fully removed from the URL.

The reason is why this was not initially implemented this way is due to newly created cyclic dependencies: Check #8139 (comment)

Detailed Description

Context

In case a user opens an annotation with an outdated token or the user itself has permissions to update the annotation but not the token, each first time the frontend notices that it should use the user token an error toast is shown to the user.

To avoid this same behaviour over and over again after each page reload, the insufficient token should be removed from the URL. (IMO)

Other related links:
#7309 and PR that "fixes" this behaviour #8139

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant