fix(frontend): allow mock=true demo URLs through workspace auth guard#3093
Open
64johnlee wants to merge 1 commit into
Open
fix(frontend): allow mock=true demo URLs through workspace auth guard#309364johnlee wants to merge 1 commit into
64johnlee wants to merge 1 commit into
Conversation
The workspace layout server component redirects all unauthenticated visitors to /login before the page can read ?mock=true, making the public Case Studies demo links unusable for anonymous users. A new Next.js middleware propagates ?mock=true into an x-mock request header so the server-side workspace layout can detect mock requests and serve WorkspaceContent directly without the auth redirect. The page already uses useThreadChat().isMock to switch to the read-only mock API client; this change simply lets the request reach the page. Closes bytedance#3000 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Closes #3000
Public Case Studies landing page links to mock demo chat URLs such as:
The
workspace/layout.tsxserver component runs a full auth check for every/workspace/*route and redirects unauthenticated visitors to/loginbefore the page can read?mock=true. This makes the public demos completely unreachable for anonymous users.Root Cause
Next.js App Router layouts receive
childrenandparamsbut notsearchParams, so the layout cannot read?mock=truedirectly to skip the auth redirect.Fix
Two small files changed:
src/middleware.ts(new) — Next.js middleware that runs before the layout. When?mock=trueis present, it clones the request headers and injectsx-mock: true, which server components can read viaheaders()fromnext/headers.src/app/workspace/layout.tsx— Added an early-return path beforegetServerSideUser():The chat page already handles mock mode via
useThreadChat().isMock(switching to the read-only mock API client). This change simply lets the request reach the page.Validation
pnpm typecheck— cleanpnpm lint— cleanmockparam is absent)