diff options
| author | mia <mia@mia.jetzt> | 2024-07-19 17:46:50 -0700 |
|---|---|---|
| committer | mia <mia@mia.jetzt> | 2024-07-19 17:46:50 -0700 |
| commit | 3b8f8f8fe4fe8e41e91ece2fa284dc940278f6af (patch) | |
| tree | 9f9b7d47755ee131ce44e4c51d418f74610f0891 /nginx | |
| parent | 8886f4e5af15feb05b872b633dbb6bb169b44017 (diff) | |
| download | asylum-3b8f8f8fe4fe8e41e91ece2fa284dc940278f6af.tar.gz asylum-3b8f8f8fe4fe8e41e91ece2fa284dc940278f6af.zip | |
properly redirect successful auth requests to the target uri
Diffstat (limited to 'nginx')
| -rw-r--r-- | nginx/handoff.html | 6 | ||||
| -rw-r--r-- | nginx/sync.py | 4 |
2 files changed, 7 insertions, 3 deletions
diff --git a/nginx/handoff.html b/nginx/handoff.html index c160580..f012451 100644 --- a/nginx/handoff.html +++ b/nginx/handoff.html @@ -12,7 +12,11 @@ location = "https://dissociate.mia.jetzt/logout"; } await fetch(`/.nginx/cookie?token=${data.token}&max_age=${data.expiresIn - 60}`); - location = "/"; + if (location.hash) { + location = location.hash.slice(1); + } else { + location = "/"; + } } else { console.log("not authenticated, redirecting"); location = "https://dissociate.mia.jetzt/login"; diff --git a/nginx/sync.py b/nginx/sync.py index 9b02c45..9d81a39 100644 --- a/nginx/sync.py +++ b/nginx/sync.py @@ -12,7 +12,7 @@ handoff = map(lambda line: spacing_pattern.sub(r"\1 ", line), handoff) handoff = "".join(handoff).replace('"', '\\"').replace("$", "${dollar}") auth_check = """if ($cookie___proxy_token = "") { - return 303 https://$host/.nginx/handoff.html; + return 303 https://$host/.nginx/handoff.html#$request_uri; } auth_request /.nginx/auth;""" @@ -34,7 +34,7 @@ auth_locations = ( } location /.nginx/cookie { - add_header Set-Cookie "__proxy_token=${arg_token}; max-age=${arg_max_age}; path=/; httponly; secure"; + add_header Set-Cookie "__proxy_token=${arg_token}; max-age=${arg_max_age}; path=/; httponly; samesite=lax; secure"; return 200; }""" ) |