Fix logout redirects to custom URL schemas #8402
Closed
liujed wants to merge 1 commit into apereo:master from
Post-logout redirect URLs with custom URL schemas were incorrectly being
treated as CAS-relative paths. This resulted in, for example, a redirect
intended for `custom://foo` being sent instead to
`https://localhost:8443/cas/custom://foo`.

To address this, the post-logout redirect is now sent through CAS's
OAuth2 `callbackAuthorize` endpoint, which handles custom URL schemas
correctly.

Unfortunately, Puppeteer doesn't interact well with custom URL schemes:

- When an unregistered scheme like `custom://` is used, Chromium
  requires manual intervention to pass the URL onto Linux's
  `xdg-open`, which Puppeteer is unable to observe.
- When a well-known scheme like `mailto:` is used, this leaks out into
  the OS's `mailto` handler, which Puppeteer is also unable to
  observe.
- Having Puppeteer intercept an unregistered scheme isn't an option,
  according to puppeteer/puppeteer#9683.

This makes it challenging to write a comprehensive functional test.
Instead, this PR has a negative test that checks that the custom URL
scheme isn't treated as a relative path.
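
The misrouting described in the PR description above, as an added example that is not part of the pull request or of CAS. It does not reproduce the PR's fix (routing through `callbackAuthorize`); it contrasts an assumed resolver that only recognises `http(s)` with one that applies the RFC 3986 scheme syntax, plus a negative check. All function names and sample targets are hypothetical.

```javascript
// Added illustration; not code from CAS, Spring Webflow or the pull request.
// CAS_BASE is the base URL quoted in the PR description.
const CAS_BASE = "https://localhost:8443/cas";

// RFC 3986, section 3.1: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ),
// followed by ":". A "/" before the first ":" means there is no scheme.
const SCHEME = /^[A-Za-z][A-Za-z0-9+.-]*:/;

// Append a CAS-relative path to the base URL.
function underBase(target, base) {
  return base + "/" + target.replace(/^\/+/, "");
}

// Assumed shape of the faulty behaviour: only http(s) URLs count as absolute,
// so any other value is resolved as a path under the CAS base.
function resolveNaive(target, base = CAS_BASE) {
  return /^https?:\/\//i.test(target) ? target : underBase(target, base);
}

// Scheme-aware variant: any syntactically valid scheme makes the target absolute.
function resolveSchemeAware(target, base = CAS_BASE) {
  return SCHEME.test(target) ? target : underBase(target, base);
}

// Negative check: a target that carries a scheme must never come back
// rewritten as a path under the CAS base URL.
function treatedAsRelative(target, resolved, base = CAS_BASE) {
  return SCHEME.test(target) && resolved === underBase(target, base);
}

// Constructed sample targets: two with schemes, three genuinely relative.
const SAMPLES = ["custom://foo", "mailto:user@example.org", "/logged-out", "docs/a:b", "1app://x"];

// Resolve every sample with the given resolver and flag misrouted targets.
function report(resolver) {
  return SAMPLES.map((target) => {
    const resolved = resolver(target);
    return { target, resolved, misrouted: treatedAsRelative(target, resolved) };
  });
}

console.log(report(resolveNaive));
console.log(report(resolveSchemeAware));
```
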
Member

Thank you for submitting this patch.

Author

Thanks, Misagh. Patch submitted upstream as spring-projects/spring-webflow#1841.