fix: storefront login 403, cookie path, double-storefront URLs, and auth redirects
- Extract store/platform context from Referer header for storefront API requests
(StoreContextMiddleware and PlatformContextMiddleware) so login POST works in
dev mode where API paths lack /platforms/{code}/ prefix
- Set customer token cookie path to "/" for cross-route compatibility
- Fix double storefront in URLs: replace {{ base_url }}storefront/ with {{ base_url }}
across all 24 storefront templates
- Fix auth error redirect to include platform prefix and use store_code
- Update seed script to output correct storefront login URLs
- Add 20 new unit tests covering all fixes; fix 9 pre-existing test failures
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -434,14 +434,19 @@ def _redirect_to_login(request: Request) -> RedirectResponse:
|
||||
|
||||
base_url = "/"
|
||||
if access_method == "path" and store:
|
||||
full_prefix = (
|
||||
store_context.get("full_prefix", "/store/")
|
||||
if store_context
|
||||
else "/store/"
|
||||
)
|
||||
base_url = f"{full_prefix}{store.subdomain}/"
|
||||
platform = getattr(request.state, "platform", None)
|
||||
platform_original_path = getattr(request.state, "platform_original_path", None)
|
||||
if platform and platform_original_path and platform_original_path.startswith("/platforms/"):
|
||||
base_url = f"/platforms/{platform.code}/storefront/{store.store_code}/"
|
||||
else:
|
||||
full_prefix = (
|
||||
store_context.get("full_prefix", "/storefront/")
|
||||
if store_context
|
||||
else "/storefront/"
|
||||
)
|
||||
base_url = f"{full_prefix}{store.store_code}/"
|
||||
|
||||
login_url = f"{base_url}storefront/account/login"
|
||||
login_url = f"{base_url}account/login"
|
||||
logger.debug(f"Redirecting to {login_url}")
|
||||
return RedirectResponse(url=login_url, status_code=302)
|
||||
# Fallback to root for unknown contexts (PLATFORM)
|
||||
|
||||
Reference in New Issue
Block a user