feat(self-hosting): allow configuring CAP_CHROME_EXTENSION_ID for extension login#1992
feat(self-hosting): allow configuring CAP_CHROME_EXTENSION_ID for extension login#1992jerryno6 wants to merge 2 commits into
Conversation
| ```bash | ||
| CAP_URL=https://cap.yourdomain.com | ||
| S3_PUBLIC_URL=https://s3.yourdomain.com | ||
| CAP_CHROME_EXTENSION_ID=fefjaffcodfiogbbngmjkcjpbpclbdcp # Chrome Web Store extension ID allowed to receive auth keys |
There was a problem hiding this comment.
Published Extension ID Misleads Self-Hosts
When an operator builds or loads their own extension, Chrome uses that extension's assigned ID in chrome.identity.getRedirectURL(), not the published Cap Web Store ID shown here. Following this snippet with a self-built extension makes the backend compare against the wrong ID and reject extension login with 400.
| CAP_CHROME_EXTENSION_ID=fefjaffcodfiogbbngmjkcjpbpclbdcp # Chrome Web Store extension ID allowed to receive auth keys | |
| CAP_CHROME_EXTENSION_ID=your-chrome-extension-id # Extension ID allowed to receive auth keys (e.g. fefjaffcodfiogbbngmjkcjpbpclbdcp for the published Chrome Web Store extension) |
Context Used: CLAUDE.md (source)
Prompt To Fix With AI
This is a comment left during a code review.
Path: README.md
Line: 109
Comment:
**Published Extension ID Misleads Self-Hosts**
When an operator builds or loads their own extension, Chrome uses that extension's assigned ID in `chrome.identity.getRedirectURL()`, not the published Cap Web Store ID shown here. Following this snippet with a self-built extension makes the backend compare against the wrong ID and reject extension login with 400.
```suggestion
CAP_CHROME_EXTENSION_ID=your-chrome-extension-id # Extension ID allowed to receive auth keys (e.g. fefjaffcodfiogbbngmjkcjpbpclbdcp for the published Chrome Web Store extension)
```
**Context Used:** CLAUDE.md ([source](https://app.greptile.com/cap/github/capsoftware/cap/-/custom-context?memory=9a906542-f1fe-42c1-89a2-9f252d96d9f0))
How can I resolve this? If you propose a fix, please make it concise.Co-authored-by: tembo[bot] <208362400+tembo[bot]@users.noreply.github.com>
| CAP_CHROME_EXTENSION_ID=fefjaffcodfiogbbngmjkcjpbpclbdcp | ||
| ``` |
There was a problem hiding this comment.
Hard-coding the published Web Store ID here might confuse self-hosters who build/load the extension themselves (their extension ID will differ). Might be clearer to show a placeholder and mention the published ID in a comment.
| CAP_CHROME_EXTENSION_ID=fefjaffcodfiogbbngmjkcjpbpclbdcp | |
| ``` | |
| # Chrome extension ID allowed to receive auth keys | |
| # Published Chrome Web Store extension: fefjaffcodfiogbbngmjkcjpbpclbdcp | |
| CAP_CHROME_EXTENSION_ID=your-chrome-extension-id |
There was a problem hiding this comment.
THis is the official chrome extension of CAP, we should keep it as it is. Just mention it in the comment is enough
Problem
When deploying Cap on a self-hosted instance, attempting to log in via the Chrome extension results in a
400 Bad Request/ authentication failure. This is because the Next.js backend checks the incomingredirectUriagainst the allowed Chrome Web Store extension ID (via theCAP_CHROME_EXTENSION_IDenvironment variable). Since this variable is not mapped to the container in the default Docker Compose configurations and is undocumented, extension logins fail on all self-hosted deployments.Solution
CAP_CHROME_EXTENSION_IDenvironment variable mapping todocker-compose.ymlanddocker-compose.coolify.ymlunder thecap-webservice.docker-compose.coolify.env.example.README.mdunder the Self-Hosting environment list.Fixes #1993