hyperfiddle

braai engineer 2025-09-24T09:36:37.655339Z

Is this the right middleware order to add basic authentication to v3 starter app? (authenticate function just returns username if hard-coded password matches – temporary)

(-> (fn [ring-request] (-> (ring-response/resource-response "index.dev.html" {:root "public/electric_starter_app"}) (ring-response/content-type "text/html")))
         (wrap-resource "public/electric_starter_app")
         (wrap-content-type)
         (electric-ring/wrap-electric-websocket (fn [ring-request] (electric-starter-app.main/electric-boot ring-request)))
         (wrap-demo-authentication)
         ; note no no rejection here for stale Electric client (dev.cljc)
         (cookies/wrap-cookies) ; order?
         (wrap-params))
I'm seeing the same "username" cookie on two paths (only expect on /). When I clear the cookies in browser, they come back on reload.

braai engineer 2025-09-24T09:37:06.522379Z

whe wrap-demo-authentication is:

(defn wrap-demo-authentication "A Basic Auth example. Accepts any username/password and store the username in a cookie."
     [next-handler]
     (-> (fn [ring-req]
           (let [res (next-handler ring-req)]
             (if-let [username (:basic-authentication ring-req)]
               (ring-response/set-cookie res "username" username {:http-only true})
               res)))
       (auth/wrap-basic-authentication authenticate)))

Geoffrey Gaillard 2025-09-24T16:10:11.112659Z

The order seem correct. > When I clear the cookies in browser, they come back on reload. Browsers cache basic authentication. So the cookie is set again on refresh. Try in private browsing mode.

👍 1