Astro Redirects & Custom Base Path Errors

Netlify site: https://bejewelled-ganache-8d2d14.netlify.app/

I’m trying to set up a POC for an Astro site, deployed on Netlify, using full SSR and authenticated routes (i.e. some parts of the site are behind a login wall).

We’re also trying to have this microsite accessed via a subpath of another, existing Netlify site e.g. www.mysite.com/astro_poc/

Astro has the ability to do this by setting the base config option, which we have done. Locally (either running in full Astro development mode, or locally building and accessing via a local Netlify dev server) this works correctly. However, once deployed, there are two issues with the authentication flow.

When a user trys to access a page that requires authentication, we check a cookie. If it is valid, the page renders; if not, they are redirected to the login page. Here, a simple login form is dealt with on the server (using Astros baked in form handling) and, if the authentication is successful, the user is then redirected back to the page they originally tried to acccess.

We do that last part by capturing the original referrer page as a URL search parameter appended to the login page URL e.g. /astro_poc/login?path=/some/page. Then, on the login page, we grab that search parameter and use it as the value for the success redirect. All of this is using Astro’s baked in redirect and URL manipulation APIs.

Here’s where the bugs creep in: on that final redirect, the resultant URL contains a duplicated base path and the search parameters. So if I try to go to /astro_poc/some/page without a valid auth cookie, I get bouned to /astro_poc/login?path=/some/page correctly; I authenticate; and I then get redirected to /astro_poc/astro_poc/some/page?path=/some/page, which is incorrect.

Weirdly, the correct page still loads, even though the path shown in the browser is now invalid :person_shrugging:

We’ve tried capturing the redirect URL and stripping the duplication (no effect); hard coding the redirect URL (still duplicates); removing the custom base URL from the redirect argument (no longer works at all); forcing an overwrite of the astro.url search parameters (we can log these out and see they are blank, but the search parameters persist). But the bugs persist, and cannot be replicated locally.

Could there be some Netlify settings we’re overlooking?

Mind sharing a minimal reproduction that we can try on our end?

Okay, so I have put together a minimal reproduction, but in doing so was able to locate a bug on our end. Fixing that has solved the duplicated base URL problem.

We’re still facing an issue with the persistent search parameters (and now need to work out a way for the login redirect to work on local dev environments), so if you have any suggestions there it would be appreciated.

The code can be found here: GitHub - theAdhocracy/astro-poc
I have this running on a Netlify deploy here: https://roaring-flan-f9eca9.netlify.app/

To replicate the issue, just go to that site, click the link, and fill in the password (which is password1234). On reload, you will be redirected, but the search parameters will persist. Locally this behaviour does not occur. (Tested on Windows 10, using the latest version of Firefox for Windows.)

Apparently I need to bump this to mark as “not solved” :woman_shrugging:

This is expected behaviour. You need to redirect to a path with at least 1 query param so we would remove it. If you don’t return any query params, we preserve the ones before the redirect.