Cyrus
Cyrus
PostsComments
SSolara
Created by commodity-pilled on 1/24/2024 in #questions-issues
Setting favicon in browser?
@MaartenBreddels I am having the same issue. favicon is still the default and the style only gets picked up if I add solara.Style('/my/local/path/to/style.css') to my pages.__init__.py. My directory structure currently looks something like 
myproject/
  run-ui.sh <-- calls `solara run myapp/pages`
  myapp/
    components/...
    pages/
      __init__.py
      page1.py
      ...
    assets/
      favicon.ico
      style.css    
myproject/
  run-ui.sh <-- calls `solara run myapp/pages`
  myapp/
    components/...
    pages/
      __init__.py
      page1.py
      ...
    assets/
      favicon.ico
      style.css
I am also using a pyproject.toml to install the myapp package. Am I missing something? I tried moving assets one level up but that did not work either
5 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
Looks like it worked (see issue)
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
Sure, will test now and reply in the issue.
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
It worked!! I definitely think a note about FORWARDED_ALLOW_IPS='*' should be documented in the solara auth page (or even set by default to '*' within solara server?)
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
https://www.uvicorn.org/settings/
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
No description
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
setting ALLOW_FORWARDED_IPS=1 didn't work. The redirect uri based on request.base_url reverted back to http
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
@MaartenBreddels Would you like me to create a (tiny) PR for this?
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
OK, so with my own custom login function I was able to fix the problem by implementing the bug fix suggested in the issue. I was also able to add print statements and verify that indeed request.base_url is using http compared to settings.main.base_url. I also printed headers confirming that the ALB is forwarding things correctly (with 'x-forwarded-proto': 'https'): 
 Headers({'x-forwarded-for': 'XX.XXX.XXX.XX', 'x-forwarded-proto': 'https', 'x-forwarded-port': '443', 'host': 'MY_HOST', 'x-amzn-trace-id': 'Root=1-66c58ba1-54acf49f04355573178fa972', 'sec-ch-ua': '"Not)A;Brand";v="99", "Google Chrome";v="127", "Chromium";v="127"', 'sec-ch-ua-mobile': '?0', 'sec-ch-ua-platform': '"macOS"', 'upgrade-insecure-requests': '1', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36', 'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7', 'sec-fetch-site': 'same-origin', 'sec-fetch-mode': 'navigate', 'sec-fetch-user': '?1', 'sec-fetch-dest': 'document', 'referer': 'https://MY_HOST/?iss=https%3A%2F%2FAPI_BASE_URL.oktapreview.com', 'accept-encoding': 'gzip, deflate, br, zstd', 'accept-language': 'en-US,en;q=0.9', 'priority': 'u=0, i', 'cookie': 'solara-session-id=111e11ec-2e91-4709-8abc-ea8ff2c1111b'})
 Headers({'x-forwarded-for': 'XX.XXX.XXX.XX', 'x-forwarded-proto': 'https', 'x-forwarded-port': '443', 'host': 'MY_HOST', 'x-amzn-trace-id': 'Root=1-66c58ba1-54acf49f04355573178fa972', 'sec-ch-ua': '"Not)A;Brand";v="99", "Google Chrome";v="127", "Chromium";v="127"', 'sec-ch-ua-mobile': '?0', 'sec-ch-ua-platform': '"macOS"', 'upgrade-insecure-requests': '1', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36', 'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7', 'sec-fetch-site': 'same-origin', 'sec-fetch-mode': 'navigate', 'sec-fetch-user': '?1', 'sec-fetch-dest': 'document', 'referer': 'https://MY_HOST/?iss=https%3A%2F%2FAPI_BASE_URL.oktapreview.com', 'accept-encoding': 'gzip, deflate, br, zstd', 'accept-language': 'en-US,en;q=0.9', 'priority': 'u=0, i', 'cookie': 'solara-session-id=111e11ec-2e91-4709-8abc-ea8ff2c1111b'})
So it looks like it was the bug that we discussed above
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
Ah, to print request before I just modified solara source code locally. For the remote version connected to the ALB I can try embedding my solara app in Starlette and then overwriting the _solara/auth/login route to point to a custom endpoint in the app with logging statements. Will let you know how it goes.
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
you can see the ":scheme": "https", in the request header but then http in the response location redirect_uri, which doesn't align with the redirect uris allowed in the app, thus breaking the auth flow
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
I was able to grab the OAuth2 authorization request/response headers from chrome dev tool. The request chain starts when I click on my app's Login button (which href's to auth.get_login_url). The first request is (using placeholders to hide some stuff): 
**Request URL:**
https://MY_HOST/_solara/auth/login?redirect_uri=https://MY_HOST/RETURN_TO_PATH

**Request Method:** GET

**Status Code:** 302 Found

**Referrer Policy:** strict-origin-when-cross-origin

**Request Headers:**
{
  ":authority": "MY_HOST",
  ":method": "GET",
  ":path": "/_solara/auth/login?redirect_uri=https://MY_HOST/RETURN_TO_PATH",
  ":scheme": "https",
  "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
  "accept-encoding": "gzip, deflate, br, zstd",
  "accept-language": "en-US,en;q=0.9",
  "cookie": "solara-session-id=<session_id>; solara-session=<session_data>",
  "priority": "u=0, i",
  "referer": "https://MY_HOST/",
  "sec-ch-ua": "\"Not)A;Brand\";v=\"99\", \"Google Chrome\";v=\"127\", \"Chromium\";v=\"127\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"macOS\"",
  "sec-fetch-dest": "document",
  "sec-fetch-mode": "navigate",
  "sec-fetch-site": "same-origin",
  "sec-fetch-user": "?1",
  "upgrade-insecure-requests": "1"
}

** Response Headers **
{
  "content-length": "0",
  "location": "https://<API_BASE_URL>.oktapreview.com/oauth2/v1/authorize?response_type=code&client_id=<client_id>&redirect_uri=http://MY_HOST/_solara/auth/authorize&scope=openid+profile+email&state=<state>&nonce=<nonce>",
  "server": "uvicorn",
  "set-cookie": "solara-session=<session_data>; path=/; Max-Age=1209600; httponly; samesite=lax; secure"
}
**Request URL:**
https://MY_HOST/_solara/auth/login?redirect_uri=https://MY_HOST/RETURN_TO_PATH

**Request Method:** GET

**Status Code:** 302 Found

**Referrer Policy:** strict-origin-when-cross-origin

**Request Headers:**
{
  ":authority": "MY_HOST",
  ":method": "GET",
  ":path": "/_solara/auth/login?redirect_uri=https://MY_HOST/RETURN_TO_PATH",
  ":scheme": "https",
  "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
  "accept-encoding": "gzip, deflate, br, zstd",
  "accept-language": "en-US,en;q=0.9",
  "cookie": "solara-session-id=<session_id>; solara-session=<session_data>",
  "priority": "u=0, i",
  "referer": "https://MY_HOST/",
  "sec-ch-ua": "\"Not)A;Brand\";v=\"99\", \"Google Chrome\";v=\"127\", \"Chromium\";v=\"127\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"macOS\"",
  "sec-fetch-dest": "document",
  "sec-fetch-mode": "navigate",
  "sec-fetch-site": "same-origin",
  "sec-fetch-user": "?1",
  "upgrade-insecure-requests": "1"
}

** Response Headers **
{
  "content-length": "0",
  "location": "https://<API_BASE_URL>.oktapreview.com/oauth2/v1/authorize?response_type=code&client_id=<client_id>&redirect_uri=http://MY_HOST/_solara/auth/authorize&scope=openid+profile+email&state=<state>&nonce=<nonce>",
  "server": "uvicorn",
  "set-cookie": "solara-session=<session_data>; path=/; Max-Age=1209600; httponly; samesite=lax; secure"
}
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
It is a AWS Application Load Balancer (ALB) configured to listen for https requests (the security group only accepts https). I am not too knowledgeable about infra but I think the X-Forwarded-Proto header should automatically be forwarded in our setup to indicate the protocol used by the client.
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
@MaartenBreddels I created an issue
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
In my case the app should not be going through a proxy, because it's hosted within a VPC but maybe the load balancer can affect headers and what not. I am happy to open an issue about the bug!
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
Shouldn't the login endpoint here be using session.main.base_url instead of request.base_url? When I set SOLARA_BASE_URL then settings.main.base_url correctly updates, while request.base_url doesn't
37 replies
SSolara
Created by Cyrus on 8/19/2024 in #questions-issues
Force solara to use https in redirect uris
Given this scope (with 'scheme': 'http') I think then here my url gets defaulted to have 'http' sheme?
37 replies