Skip to content

fix(webapp): strip secure param from query ClickHouse URL#3204

Merged
ericallam merged 1 commit intotriggerdotdev:mainfrom
edosrecki:fix/clickhouse-query-client-secure-param
Mar 11, 2026
Merged

fix(webapp): strip secure param from query ClickHouse URL#3204
ericallam merged 1 commit intotriggerdotdev:mainfrom
edosrecki:fix/clickhouse-query-client-secure-param

Conversation

@edosrecki
Copy link
Contributor

@edosrecki edosrecki commented Mar 10, 2026

Closes #3184

✅ Checklist

  • I have followed every step in the contributing guide
  • The PR title follows the convention.
  • I ran and tested the code works

Changelog

The initializeQueryClickhouseClient() function was missing the url.searchParams.delete("secure") call that the other two sibling ClickHouse client init functions already had. This caused a startup crash (Error: Unknown URL parameters: secure) when QUERY_CLICKHOUSE_URL fell back to CLICKHOUSE_URL which contains ?secure=false.

@edosrecki
fix(webapp): strip secure param from query ClickHouse URL
3efcdf5 
The `initializeQueryClickhouseClient()` function was missing the
`url.searchParams.delete("secure")` call that the other two sibling
ClickHouse client init functions already had. This caused a startup
crash (`Error: Unknown URL parameters: secure`) when QUERY_CLICKHOUSE_URL
fell back to CLICKHOUSE_URL which contains `?secure=false`.

Fixes triggerdotdev#3184
@changeset-bot
Copy link

changeset-bot bot commented Mar 10, 2026

⚠️ No Changeset found

Latest commit: 3efcdf5

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions
Copy link
Contributor

github-actions bot commented Mar 10, 2026

Hi @edosrecki, thanks for your interest in contributing!

This project requires that pull request authors are vouched, and you are not in the list of vouched users.

This PR will be closed automatically. See https://github.com/triggerdotdev/trigger.dev/blob/main/CONTRIBUTING.md for more details.

@github-actions github-actions bot closed this Mar 10, 2026
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 10, 2026
edited
Loading

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 1d3dce7a-ebff-4eff-8d4a-39f7b189198e

📥 Commits

Reviewing files that changed from the base of the PR and between c0b6309 and 3efcdf5.

📒 Files selected for processing (2)
  • .server-changes/fix-clickhouse-query-client-secure-param.md
  • apps/webapp/app/services/clickhouseInstance.server.ts

Walkthrough

This pull request documents and implements a fix to strip the "secure" query parameter from QUERY_CLICKHOUSE_URL before passing it to the ClickHouse client within the initializeQueryClickhouseClient function. The change brings the query client behavior into alignment with the existing main and logs ClickHouse clients, preventing a startup crash caused by unknown URL parameters. The fix consists of a documentation file and a three-line code modification that removes the parameter from the URL.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@ericallam ericallam reopened this Mar 10, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Mar 10, 2026

Hi @edosrecki, thanks for your interest in contributing!

This project requires that pull request authors are vouched, and you are not in the list of vouched users.

This PR will be closed automatically. See https://github.com/triggerdotdev/trigger.dev/blob/main/CONTRIBUTING.md for more details.

@github-actions github-actions bot closed this Mar 10, 2026
devin-ai-integration[bot]
devin-ai-integration bot reviewed Mar 10, 2026
View reviewed changes
Copy link
Contributor

@devin-ai-integration devin-ai-integration bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 1 potential issue.

Open in Devin Review

apps/webapp/app/services/clickhouseInstance.server.ts
Comment on lines +86 to +87
// Remove secure param
url.searchParams.delete("secure");
Copy link
Contributor

@devin-ai-integration devin-ai-integration bot Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚩 Pre-existing: runs replication ClickHouse clients also missing secure param stripping

While this PR correctly fixes the missing secure param deletion for the query ClickHouse client, two other call sites have the same pre-existing issue:

  1. apps/webapp/app/services/runsReplicationInstance.server.ts:25-26 passes env.RUN_REPLICATION_CLICKHOUSE_URL directly to new ClickHouse() without stripping secure.
  2. apps/webapp/app/routes/admin.api.v1.runs-replication.create.ts:80-81 does the same.

These use a different env var (RUN_REPLICATION_CLICKHOUSE_URL) which may or may not contain the secure query parameter depending on the deployment. If it does, these clients would also hit the same startup crash described in this PR's changelog. Worth a follow-up fix for consistency.

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

@ericallam ericallam reopened this Mar 11, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Mar 11, 2026

Hi @edosrecki, thanks for your interest in contributing!

This project requires that pull request authors are vouched, and you are not in the list of vouched users.

This PR will be closed automatically. See https://github.com/triggerdotdev/trigger.dev/blob/main/CONTRIBUTING.md for more details.

@github-actions github-actions bot closed this Mar 11, 2026
@ericallam
Copy link
Member

ericallam commented Mar 11, 2026

@claude why is this an issue? Can't people just not add the secure param to the env var instead?

@claude
Copy link

claude bot commented Mar 11, 2026
edited
Loading

Claude finished @ericallam's task in 39s —— View job

Analyzing Question

  • Read the relevant code to understand the fallback behavior
  • Formulate answer about why this fix is needed

Good question! The issue is the fallback behavior in the env configuration.

Looking at apps/webapp/app/env.server.ts:1232-1235:

QUERY_CLICKHOUSE_URL: z
  .string()
  .optional()
  .transform((v) => v ?? process.env.CLICKHOUSE_URL),

When QUERY_CLICKHOUSE_URL is not explicitly set, it automatically falls back to CLICKHOUSE_URL. The main CLICKHOUSE_URL commonly includes ?secure=false (or ?secure=true) as part of its configuration.

So even if users don't add secure to QUERY_CLICKHOUSE_URL directly, the fallback path causes the secure param to be inherited from CLICKHOUSE_URL. This then crashes the ClickHouse client with Error: Unknown URL parameters: secure.

The other two sibling functions (initializeClickhouseClient and initializeLogsClickhouseClient) already strip this param for exactly this reason - the query client was just missing the same treatment.

@ericallam ericallam reopened this Mar 11, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Mar 11, 2026

Hi @edosrecki, thanks for your interest in contributing!

This project requires that pull request authors are vouched, and you are not in the list of vouched users.

This PR will be closed automatically. See https://github.com/triggerdotdev/trigger.dev/blob/main/CONTRIBUTING.md for more details.

@github-actions github-actions bot closed this Mar 11, 2026
@ericallam ericallam reopened this Mar 11, 2026
@ericallam ericallam merged commit b8766e7 into triggerdotdev:main Mar 11, 2026
8 checks passed
@github-actions
Copy link
Contributor

github-actions bot commented Mar 11, 2026

Hi @edosrecki, thanks for your interest in contributing!

This project requires that pull request authors are vouched, and you are not in the list of vouched users.

This PR will be closed automatically. See https://github.com/triggerdotdev/trigger.dev/blob/main/CONTRIBUTING.md for more details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@ericallam ericallam ericallam approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bug: Unknown URL parameters: secure in trigger container

2 participants

@edosrecki @ericallam