Skip to content

Commit 43c9aef

Browse files
committed
fix(auth): send Content-Type without charset on login
signalk-server's login route does strict equality on 'application/json', so 'application/json; charset=utf-8' (what StringContent's 3-arg ctor emits) falls into the browser-form branch and returns a 302 + cookie instead of the JSON token body. Construct the content with a plain MediaTypeHeaderValue so the charset is omitted and the JSON branch is reached.
1 parent a7f33a0 commit 43c9aef

1 file changed

Lines changed: 13 additions & 1 deletion

File tree

OnaPlotter/Services/Api/AuthApi.cs

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1+
using System.Net.Http.Headers;
12
using System.Text.Json;
23
using OnaPlotter.Models;
34
using OnaPlotter.Services.Json;
@@ -111,7 +112,18 @@ public AuthApi(HttpClient http, ISignalKBaseUrl baseUrl, ILogger<AuthApi> logger
111112
new KeyValuePair<string, string>("username", username),
112113
new KeyValuePair<string, string>("password", password),
113114
}.ToDictionary(kv => kv.Key, kv => kv.Value));
114-
using var content = new StringContent(bodyJson, System.Text.Encoding.UTF8, "application/json");
115+
// Content-Type MUST be exactly "application/json" - no charset.
116+
// signalk-server's /signalk/v1/auth/login does a strict equality
117+
// check on the Content-Type header (tokensecurity.ts:674): the
118+
// JSON branch returns 200 + { token, timeToLive }; anything else
119+
// (including "application/json; charset=utf-8" which is what
120+
// StringContent's 3-arg ctor produces) falls into the browser-
121+
// form branch - 302 + HttpOnly JAUTHENTICATION cookie + redirect
122+
// to /. The HttpClient auto-follows the 302, the JSON parser
123+
// chokes on the home page HTML, and the helm sees a silent
124+
// "login failed" toast even though the cookie was actually set.
125+
using var content = new StringContent(bodyJson);
126+
content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
115127

116128
using var cts = CancellationTokenSource.CreateLinkedTokenSource(ct);
117129
cts.CancelAfter(ProbeTimeout);

0 commit comments

Comments
 (0)