breaking: make waitlist var opt-in#614
Conversation
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.
- uncomment the flag so local dev skips the waitlist out of the box
- Replace VITE_BYPASS_WAITLIST (opt-out) with VITE_ENABLE_WAITLIST (opt-in) - Default behavior now skips the waitlist; deployments must explicitly enable it - PR previews continue to bypass the waitlist regardless
Semgrep Security ScanNo security issues found. |
cjroth
force-pushed
the
cjroth/waitlist-env-var
branch
from
4aab4fb to
3eff1d6
Compare
There was a problem hiding this comment.
Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.
ReviewBreaking Change — Deployment Configuration Update Required The rename from
Before: no env var → This is intentional for the new opt-in semantics, but any deployment that currently relies on the waitlist to gate access needs No other issues found. Doc fixes and link corrections look correct. |
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
ReviewSecurity / Breaking Change The auth gate is now coupled to No CI/CD workflow file sets If the intent is that "no waitlist" deployments still require a user to be authenticated, the auth gate and the waitlist toggle need to be independent. A deployment could want the auth gate without the waitlist UI.
|
| <Route | ||
| element={ | ||
| shouldBypassWaitlist ? ( | ||
| <Outlet /> | ||
| ) : ( | ||
| waitlistEnabled ? ( | ||
| <AuthGate require="authenticated" redirectTo={oidcMode ? '/oidc-redirect' : '/waitlist'} /> | ||
| ) : ( | ||
| <Outlet /> | ||
| ) | ||
| } |
There was a problem hiding this comment.
When waitlistEnabled is false (the default with no env var set), this renders <Outlet /> with no auth gate — every main app route is accessible without authentication. Previously, shouldBypassWaitlist = false by default, so the auth gate was always active unless explicitly bypassed.
If "waitlist disabled" and "auth not required" are genuinely the same thing for all deployment types, this is fine. But if there are deployments that want auth without the waitlist UI, the two concerns need to be separated (e.g. a separate VITE_REQUIRE_AUTH flag, or the auth gate could redirect to a sign-in page rather than /waitlist when the waitlist is off).
- ensure AuthGate wraps main routes when oidcMode is on, even if waitlist is disabled, so unauthenticated users get redirected
There was a problem hiding this comment.
Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.
Code ReviewSecurity / Breaking Change The default authentication posture has reversed. Previously, the frontend auth gate was on by default — When
This is fine if the intent is that the waitlist is the only reason to enforce frontend auth (i.e. the backend always enforces auth independently). But it's a breaking default for any existing deployment that was relying on the old secure-by-default posture — upgrading without setting Suggestion: If there are production deployments on the old env-var scheme, consider a migration note or a deprecation warning for No other issues found. |
| {/* Main app routes - authenticated only (pass-through when waitlist and OIDC both disabled) */} | ||
| <Route | ||
| element={ | ||
| shouldBypassWaitlist ? ( | ||
| <Outlet /> | ||
| ) : ( | ||
| oidcMode || waitlistEnabled ? ( | ||
| <AuthGate require="authenticated" redirectTo={oidcMode ? '/oidc-redirect' : '/waitlist'} /> | ||
| ) : ( | ||
| <Outlet /> | ||
| ) | ||
| } | ||
| > |
There was a problem hiding this comment.
When oidcMode=false and waitlistEnabled=false (the new default when VITE_ENABLE_WAITLIST is unset), this evaluates to <Outlet /> — no auth gate at all. Previously the default was the opposite: auth was required unless VITE_BYPASS_WAITLIST=true was explicitly set.
If the intent is that the backend always enforces auth and the frontend gate is purely for the waitlist UX, this is fine. If any production environment was relying on the frontend auth gate as a default, upgrading without setting VITE_ENABLE_WAITLIST=true silently removes it.
2 participants
This replaces the waitlist opt-out var (
VITE_BYPASS_WAITLIST) with an opt-in var (VITE_ENABLE_WAITLIST) so that users self-deploying will not encounter the waitlist unnecessarily. The waitlist is only used by Mozilla's upcoming hosted version of Thunderbolt and is not appropriate for self-hosting users.Note
Low Risk
Small, localized routing/env-var change; main risk is misconfiguration causing unexpected waitlist gating or access behavior in deployments.
Overview
The waitlist gate is flipped from an opt-out model (removed
VITE_BYPASS_WAITLIST) to an opt-in model viaVITE_ENABLE_WAITLIST.Routing guards in
src/app.tsxare updated so the/waitlistroute only exists whenVITE_ENABLE_WAITLIST=true(and not in PR previews), and the main app routes only require authentication/redirection to/waitlistwhen the waitlist is enabled (or to/oidc-redirectin OIDC mode).Reviewed by Cursor Bugbot for commit 9141bc6. Bugbot is set up for automated code reviews on this repo. Configure here.