i18n requests often fail with stateless authenticaction #4330
Description
Describe the bug
A Hilla app with i18n feature often fails to fetch and use translations when stateless authentication is used.
Expected-behavior
A Hilla app with i18n feature should always fetch and use translations successfully when stateless authentication is used.
Reproduction
I created a sample repo for reproduction: https://github.com/rbrki07/hilla-i18n-stateless-authentication-example/tree/main.
The tag basic-i18n contains a basic i18n integration as described in the docs. If you start the app from this tag, the app can fetch and use the translations without errors:
basic-i18n.mp4
The tag stateless-auth-loginview adds stateless authentication to the app, as described in the docs. It uses loginView as described here. If you start the app from this tag, the app often fails to fetch and use the translations:
stateless-auth-loginview.mp4
The requests that fail, fail with a status code 403 and the error "session expired".
I also tried a different stateless authentication approach using an oauth2LoginPage. The tag stateless-auth-oauth2loginpage contains the app with this implementation. If you start the app from this tag, the app also often fails to fetch and use the translations:
stateless-auth-oauth2loginpage.mp4
I tried to analyze and debug the Spring Security Filter Chain to find the root cause for the "session expired" error, but I couldn't find it. That said, I'm not sure if this issue is really related to the way Vaadin authenticates requests internally.
System Info
- Vaadin Hilla 24.9.4
- Behaviour tested in Safari, Firefox and Chrome