Skip to content

CCP-2921: Change Embed/Webcomponent Auth Header #1787

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
usingtechnology wants to merge 3 commits into
base: main
Choose a base branch
from
Open

CCP-2921: Change Embed/Webcomponent Auth Header #1787

usingtechnology wants to merge 3 commits into from

Conversation

@usingtechnology
Copy link
Collaborator

@usingtechnology usingtechnology commented Nov 25, 2025
edited
Loading

Description

For embedded webcomponents, do not use Authorization Bearer headers. Change to a custom header and allow pass-through of headers from the host application. These pass-through headers may include an Authorization Bearer header.

Since we haven't use gateway service and runtime-auth middleware outside of webcomponents, there is no change to core functionality. Documentation on tech docs and communication with any interested parties that are currently previewing embedded functionality will need to be informed of the header change.

Type of Change

feat (a new feature)

This is a breaking change because ... it may break the devcontainer? i moved to a mac silicon and the architecture is completely different so i had to add conditionals in the docker image and devcontainer.json

Checklist

  • I have read the CONTRIBUTING doc
  • I have checked that unit tests pass locally with my changes
  • I have run the npm script lint on the frontend and backend
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
  • I have approval from the product owner for the contribution in this pull request

Further comments

@usingtechnology
CCP-2921: Change Embed/Webcomponent Auth Header
3342952 
For embedded webcomponents, do not use Authorization Bearer headers. Change to a custom header and allow pass-through of headers from the host application. These pass-through headers may include an Authorization Bearer header.
@usingtechnology
SonarQube fixes
7f696b2
@github-actions

This comment has been minimized.

Sign in to view
@usingtechnology
Delete auth-test.html
e7f3378 
do not need this, just testing locally.
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 25, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions
Copy link

github-actions bot commented Nov 25, 2025

Release f08fb9e deployed at https://chefs-dev.apps.silver.devops.gov.bc.ca/pr-1787

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nimya-aot nimya-aot Awaiting requested review from nimya-aot

@jasonchung1871 jasonchung1871 Awaiting requested review from jasonchung1871

@RyanBirtch-aot RyanBirtch-aot Awaiting requested review from RyanBirtch-aot

@revanth-banala revanth-banala Awaiting requested review from revanth-banala

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@usingtechnology