From 3b8f8f8fe4fe8e41e91ece2fa284dc940278f6af Mon Sep 17 00:00:00 2001 From: mia Date: Fri, 19 Jul 2024 17:46:50 -0700 Subject: properly redirect successful auth requests to the target uri --- nginx/handoff.html | 6 +++++- nginx/sync.py | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'nginx') diff --git a/nginx/handoff.html b/nginx/handoff.html index c160580..f012451 100644 --- a/nginx/handoff.html +++ b/nginx/handoff.html @@ -12,7 +12,11 @@ location = "https://dissociate.mia.jetzt/logout"; } await fetch(`/.nginx/cookie?token=${data.token}&max_age=${data.expiresIn - 60}`); - location = "/"; + if (location.hash) { + location = location.hash.slice(1); + } else { + location = "/"; + } } else { console.log("not authenticated, redirecting"); location = "https://dissociate.mia.jetzt/login"; diff --git a/nginx/sync.py b/nginx/sync.py index 9b02c45..9d81a39 100644 --- a/nginx/sync.py +++ b/nginx/sync.py @@ -12,7 +12,7 @@ handoff = map(lambda line: spacing_pattern.sub(r"\1 ", line), handoff) handoff = "".join(handoff).replace('"', '\\"').replace("$", "${dollar}") auth_check = """if ($cookie___proxy_token = "") { - return 303 https://$host/.nginx/handoff.html; + return 303 https://$host/.nginx/handoff.html#$request_uri; } auth_request /.nginx/auth;""" @@ -34,7 +34,7 @@ auth_locations = ( } location /.nginx/cookie { - add_header Set-Cookie "__proxy_token=${arg_token}; max-age=${arg_max_age}; path=/; httponly; secure"; + add_header Set-Cookie "__proxy_token=${arg_token}; max-age=${arg_max_age}; path=/; httponly; samesite=lax; secure"; return 200; }""" ) -- cgit 1.4.1