Phoenix - Conn.assigns empty in production

kristofvanwoensel · May 3, 2020, 8:42pm

I am using Axios for my client-side requests. For example:

Logged in client requests DELETE
Router pipes through Auth plug
Auth plug checks if conn.assigns has user
If user exists and has role, delete-action is executed

This works without problems in DEV-mode. The conn.assigns holds my user_id and the request is executed. In PROD-mode, my conn.assigns is empty. I really don’t see the cause of the problem. Could this be caused by my CDN (Cloudflare)?

JS:

   axios ({
                                method: 'delete',
                                url: `${Url.value}/removeRegion/${region}`,
                                headers: {
                               'X-Requested-With': 'XMLHttpRequest',
                               'x-csrf-token': document.head.querySelector("[name~=csrf-token[content]").content
                               }
                          })

Controller:

plug :authenticate when action in [....]
 def authenticate(conn, _opts) do

  assign = conn.assigns
  if conn.assigns.current_user && conn.assigns.current_user.admin do
    conn
  else
    Logger.debug "NO AUTH!!"

–> This errors out since conn.assigns is empty

al2o3cr · May 3, 2020, 11:51pm

You mention a CDN but not how exactly you’re using it; have you checked what your server-side app is getting in the Origin header? Getting no session cookie could be a symptom that CORS isn’t set up correctly: https://www.html5rocks.com/en/tutorials/cors/

kristofvanwoensel · May 4, 2020, 6:17am

I think you might be right. I see my GET/POST (simple) requests are working, but my DELETE request is not. Strange, because I enabled all methods using Corsica:

endpoint.ex

 plug Corsica,
       origins: "*",
       allow_methods: :all,
       allow_headers: :all,
       log: [rejected: :error, invalid: :warn, accepted: :debug]