Hey there - we have been using ServiceStack for a really long time and love it! We recently started using the server events in a CORS environment with the Javascript client. Everything worked correctly until a recompile (server recycle) at which point we would start getting 401 authentication issues. Cookies were still there and everything, but it would 401. I spent an embarrassingly long amount of time tracking this one down. The main issue comes down to this:
-
We first called the /auth/credential endpoint to “sign in” which set the cookies (remember this is a CORS environment and we already had all our CORS stuff setup correctly because the API was working fine)
-
When we setup the event source initially we created it as follows: (note the withCredentials)
this.eventStream = new EventSource(url, { withCredentials: true });
-
When we did a recompile (server recycle) this function was getting called in the ss-utils.js
$.ss.reconnectServerEvents = function
-
That function creates a NEW EventSource but does not specify withCredentials, which means that the new EventSource will no longer send auth cookies and stop working.
The patch would be a simple adding of arguments to the EventSource constructor preserving the CURRENT EventSource’s withCredentials, e.g
var es = new EventSource(opt.url || $.ss.eventSourceUrl || hold.url, { withCredentials: currWithCredentials});
I only bring this up here in order to hopefully save someone in the future a lot of troubleshooting