From 8b007802d45a752c63e483f0c26d54f902c7d980 Mon Sep 17 00:00:00 2001 From: Kevin Ansfield Date: Tue, 9 Nov 2021 15:38:48 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fixed=20login=20problems=20in=20?= =?UTF-8?q?Safari=20on=20private=20sites=20that=20have=20front-end/admin?= =?UTF-8?q?=20on=20different=20domains?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit no issue - if the automatic private site login fails during post-auth setup, don't fully error because that will block Admin from loading properly - the automatic login is a nice-to-have and making it look like it worked won't break anything that wouldn't already be broken when the browser is blocking x-domain requests
---
 ghost/admin/app/services/frontend.js | 6 ++++++ ghost/admin/app/services/session.js | 2 ++ 2 files changed, 8 insertions(+)
diff --git a/ghost/admin/app/services/frontend.js b/ghost/admin/app/services/frontend.js
index 5370375ca1..43f902c299 100644
--- a/ghost/admin/app/services/frontend.js
+++ b/ghost/admin/app/services/frontend.js
@@ -27,6 +27,7 @@ export default class FrontendService extends Service {
 if (this.settings.get('isPrivate') && (this.hasPasswordChanged || !this._hasLoggedIn)) {
 const privateLoginUrl = this.getUrl('/private/?r=%2F');
 this._lastPassword = this.settings.get('password');
+
 return fetch(privateLoginUrl, {
 method: 'POST',
 mode: 'cors',
@@ -38,6 +39,11 @@ export default class FrontendService extends Service {
 body: `password=${this._lastPassword}`
 }).then(() => {
 this._hasLoggedIn = true;
+ }).catch((e) => {
+ // Safari will error when x-site tracking is prevented and frontend/admin are separate
+ // we don't want to break anything else in that case so make it look like it succeeded
+ console.error(e); // eslint-disable-line
+ return true;
 });
 }
 }
diff --git a/ghost/admin/app/services/session.js b/ghost/admin/app/services/session.js
index 9f316725d8..8f3c9cbbe2 100644
--- a/ghost/admin/app/services/session.js
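Review bot: The added `.catch` on the private-login `fetch` in ghost/admin/app/services/frontend.js swallows every rejection, not only Safari's blocked cross-site request, so a DNS, TLS or CORS failure on the front-end domain is also made to look like a successful login and is visible only in the browser console. `_hasLoggedIn` stays false on that path, which appears to mean the POST carrying the site password is retried on each later call; if that retry is intended, record it in the handler, e.g. `// _hasLoggedIn is left false on purpose so the next call retries`. The handler resolves to `true` while the success path resolves to `undefined`, and the caller shown in session.js discards the value, so `return true;` could simply be dropped. The enclosing method starts before the first hunk and the lines between the two hunks are not shown.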
+++ b/ghost/admin/app/services/session.js
@@ -38,7 +38,9 @@ export default class SessionService extends ESASessionService {
 this.feature.fetch(),
 this.settings.fetch()
 ]);
+
 await this.frontend.loginIfNeeded();
+
 // update Sentry with the full Ghost version which we only get after authentication
 if (this.config.get('sentry_dsn')) {
 configureScope((scope) => {