Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Data leaking between server-side rendered pages #97

Open
jstasiak opened this issue Jul 15, 2022 · 2 comments
Open

Data leaking between server-side rendered pages #97

jstasiak opened this issue Jul 15, 2022 · 2 comments

Comments

@jstasiak
Copy link

Hey,

Thank you for the project, I figured you'd be interested in what I'm about to report here:

We have a page that's generated using Gatsby.

Initially we used react-helmet and gatsby-plugin-react-helmet but there were issues with some server-side rendered pages having either other pages' HEAD tags or no tags at all (cross-page data leak). We read around a little bit and we saw some reports of react-helmet not being safe in case of IO/async stuff happening when server-side rendering takes place.

We switched to react-helmet-async and gatsby-plugin-react-helmet-async following react-helmet-async's declaration that

react-helmet relies on react-side-effect, which is not thread-safe. If you are doing anything asynchronous on the server, you need Helmet to encapsulate data on a per-request basis, this package does just that.

Unfortunately we discovered that this does not help. There are no cases of pages having empty HEAD tags, admittedly, but in 100% of the Gatsby project builds one of the pages has HEAD tags that belong to a different page.

The content for the pages is generated from the filesystem and from an external CMS accessed through HTTP(S) (Prismic).

There's nothing special in the way we use(d) react-helmet-async or the Gatsby plugin so I'm not providing any code at this stage.

I'm not sure where it's best to report this so I'm reporting it here since the plugin was our direct dependency (we had to switch to managing the HEAD tags ourselves).

Software versions:

  • Node.js 16.14.0
  • Gatsby 4.6.0
  • gatsby-plugin-react-helmet-async 1.2.1
  • react-helmet-async 1.3.0
  • React 17.0.1

I've tried upgrading the software to the latest versions, where possible or where we weren't already using the latest, no change in behavior.
@mjBayati
Copy link

I have same issue, is there any update ?

@mjBayati mjBayati mentioned this issue Dec 9, 2022
Open
@mjBayati
Copy link

mjBayati commented Dec 9, 2022

After investigating the concepts behind helment-async, and what kind of problems that will be resolved by this package. I figured out how this package should be worked when is used by server side framworks like gatsby.

Also to be aligned with how to add this plugin to gatsby, I read about gatsby-ssr-apis

and here is the pull request that will fix problem of data leaking between different pages :

the change is about avoiding to use same shared object between different pages in gatsby-ssr,
to do this, I changed context that is used in HelmetProvider, to be separated by pathname for each page.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jstasiak @mjBayati