Skip to content

Commit 8d1514a

Browse files
brkalowbrkalow
authored
fix(backend): Avoid handshake loop on primary domain sync (#6755)
1 parent 41e0a41 commit 8d1514a

File tree

2 files changed

+7
-1
lines changed

2 files changed

+7
-1
lines changed

.changeset/clear-forks-ring.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
'@clerk/backend': patch
3+
---
4+
5+
Fix a case where handshakes would get triggered in a loop on cross origin requests in development.

packages/backend/src/tokens/request.ts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -577,7 +577,8 @@ export const authenticateRequest: AuthenticateRequest = (async (
577577
!authenticateContext.isSatellite && // We're on primary
578578
authenticateContext.secFetchDest === 'document' && // Document navigation
579579
authenticateContext.isCrossOriginReferrer() && // Came from different domain
580-
!authenticateContext.isKnownClerkReferrer(); // Not from Clerk accounts portal or FAPI
580+
!authenticateContext.isKnownClerkReferrer() && // Not from Clerk accounts portal or FAPI
581+
authenticateContext.handshakeRedirectLoopCounter === 0; // Not in a redirect loop
581582

582583
if (shouldForceHandshakeForCrossDomain) {
583584
return handleMaybeHandshakeStatus(

0 commit comments

Comments
 (0)