cleanup

apps/login/next.config.mjs

@@ -23,11 +23,11 @@ const secureHeaders = [
   },
   // img-src vercel.com needed for deploy button,
   // script-src va.vercel-scripts.com for analytics/vercel scripts
-  // {
-  //   key: "Content-Security-Policy",
-  //   value:
-  //     "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com; connect-src 'self'; child-src; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; img-src 'self' https://vercel.com;",
-  // },
+  {
+    key: "Content-Security-Policy",
+    value:
+      "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com; connect-src 'self'; child-src; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; img-src 'self' https://vercel.com;",
+  },
 ];
 
 const nextConfig = {

apps/login/src/app/login/route.ts

@@ -56,6 +56,7 @@ export async function GET(request: NextRequest) {
   const authRequestId = searchParams.get("authRequest");
   const sessionId = searchParams.get("sessionId");
 
+  // TODO: find a better way to handle _rsc (react server components) requests and block them to avoid conflicts when creating oidc callback
   const _rsc = searchParams.get("_rsc");
   if (_rsc) {
     return NextResponse.json({ error: "No _rsc supported" }, { status: 500 });
@@ -89,12 +90,6 @@ export async function GET(request: NextRequest) {
       );
 
       if (cookie && cookie.id && cookie.token) {
-        console.log(
-          `Found sessioncookie ${cookie.id}`,
-          JSON.stringify(selectedSession),
-          JSON.stringify(cookie),
-        );
-
         const session = {
           sessionId: cookie?.id,
           sessionToken: cookie?.token,
@@ -109,7 +104,6 @@ export async function GET(request: NextRequest) {
               value: session,
             },
           });
-          console.log("callbackUrl", callbackUrl);
           if (callbackUrl) {
             return NextResponse.redirect(callbackUrl);
           } else {