search

zmartzone / lua-resty-openidc

OpenID Connect Relying Party and OAuth 2.0 Resource Server implementation in Lua for NGINX / OpenResty
Apache License 2.0
976 stars 249 forks source link

restrict zero-pixel image logout to actual image requests #525

Closed bodewig closed 2 months ago

bodewig commented 3 months ago

should fix #521

tillsc commented 3 months ago

Shouldn’t application/xhtml+xml win over image mime types too?

bodewig commented 3 months ago

likely any text/* type could/should. I've explicitly added XHTML with ab9c386 - thanks.

julien-sarik commented 2 months ago

I've just tested this and I confirm it fixes the logout issue caused by default Accept header from Firefox 128 :+1: