nginxinc / nginx-openid-connect

Reference implementation of OpenID Connect integration for NGINX Plus
https://www.nginx.com/products/nginx/

rewrite of location string causes 404 on id_token and access_token refresh #101

Open r300mrg opened 2 months ago

r300mrg commented 2 months ago

If the Nginx config has a location block which is changed via rewrite, then when the id_token and access_token time out and refresh, the rewritten URL is not found and a 404 page is experienced, with logs indicating the URL and file were not found.

e.g.

location /my-site/contact {
    rewrite ^/my-site(/.*)$ $1 break;
}

So the link becomes /contact

I’ve traced the issue I experienced to the function retryOriginalRequest in the openid_connect.js file; this function is using the uri variable.

If I update uri to request_uri I don’t have any 404 errors and the logs don’t show the URL or file was not found.

e.g.

function retryOriginalRequest(r) {
    delete r.headersOut["WWW-Authenticate"]; // Remove evidence of original failed auth_jwt
    //r.internalRedirect(r.variables.uri + r.variables.is_args + (r.variables.args || '')); // Original
    // $request_uri already contains the query string, so $is_args/$args are not appended again
    r.internalRedirect(r.variables.request_uri); // Allows rewrite URLs
}

Please review if this change is suitable for a wider audience and make the repo changes if relevant.

Thanks
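
The following is an added example, not code from the issue or from the nginx-openid-connect repository. It models the three candidate arguments to r.internalRedirect() for the request described above and shows which location each one would land in. The helper names, the sample query string and the prefix-only location matcher are hypothetical simplifications.

```javascript
// Simplified model of the nginx variables njs sees for one request.
// Constructed sample: the client asks for /my-site/contact?lang=en and the
// location's rewrite has already changed the current URI to /contact.
function makeVars(requestUri, currentUri) {
  const q = requestUri.indexOf('?');
  const args = q === -1 ? '' : requestUri.slice(q + 1);
  return {
    request_uri: requestUri, // original request target, query string included
    uri: currentUri,         // current normalized URI, changed by rewrite
    is_args: args ? '?' : '',
    args: args,
  };
}

// Candidate redirect targets built from those variables.
function targetFromUri(v) { return v.uri + v.is_args + (v.args || ''); }
function targetFromRequestUriPlusArgs(v) { return v.request_uri + v.is_args + (v.args || ''); }
function targetFromRequestUri(v) { return v.request_uri; }

// Hypothetical stand-in for nginx location selection: prefix match on the path.
const LOCATIONS = ['/my-site/contact'];
function resolve(target) {
  const q = target.indexOf('?');
  const path = q === -1 ? target : target.slice(0, q);
  const args = q === -1 ? '' : target.slice(q + 1);
  const location = LOCATIONS.find((p) => path.startsWith(p)) || null;
  return { location, path, args };
}

// Resolve all three candidates for one request.
function compare(requestUri, currentUri) {
  const v = makeVars(requestUri, currentUri);
  return {
    fromUri: resolve(targetFromUri(v)),                               // no location: 404
    fromRequestUriPlusArgs: resolve(targetFromRequestUriPlusArgs(v)), // query string doubled
    fromRequestUri: resolve(targetFromRequestUri(v)),                 // original location, original args
  };
}

const SAMPLE = compare('/my-site/contact?lang=en', '/contact');
console.log(JSON.stringify(SAMPLE, null, 2));
```

$request_uri is the request target exactly as the client sent it, while $uri is the normalized current URI, so a redirect built from $request_uri re-enters location matching and the rewrite with the unnormalized value.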