[PM-39812] fix: Apply SSO cookie request handlers to HTTPService download functions#2848
[PM-39812] fix: Apply SSO cookie request handlers to HTTPService download functions#2848fedemkr wants to merge 1 commit into
Conversation
…load functions The download(from:) and download(filename:) methods bypassed the request handler pipeline entirely, so SSOCookieVendorRequestHandler never injected load-balancer cookies into download requests. This caused attachment downloads to fail on servers with SSO cookie vendor bootstrap configured.
🤖 Bitwarden Claude Code ReviewOverall Assessment: APPROVE Reviewed the fix that routes Code Review DetailsNo findings. The change is well-scoped, correct, and well-tested. |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2848 +/- ##
===========================================
- Coverage 81.15% 40.60% -40.55%
===========================================
Files 1027 356 -671
Lines 65896 16644 -49252
===========================================
- Hits 53475 6758 -46717
+ Misses 12421 9886 -2535 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
matt-livefront
left a comment
There was a problem hiding this comment.
These changes look good, looks like there's one test failure though.
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-39812
📔 Objective
The
download(from:)anddownload(filename:)methods inHTTPServicebypassedthe request handler pipeline entirely, meaning
SSOCookieVendorRequestHandlerneverinjected load-balancer cookies into download requests. On servers configured with SSO
cookie vendor bootstrap, this caused attachment downloads to throw errors.
Fix: Both download methods now call
applyRequestHandlers(to:)before passing therequest to the underlying client, mirroring what
send(_:)already did. A failableHTTPRequest.init?(from: URLRequest)bridges theURLRequest-based download API intothe
HTTPRequest-based handler pipeline.Note
The response handler was not added here as that handles
HTTPResponseinstead ofURLon the download functions. We could potentially add handling for that as well but requires more complex changes. So for now the request handler has been added which adds the cookie if it's available as we think it's an edge case that just at the moment of downloading an attachment the cookie expires.