fix: handle url fragments for redirects#4464
Conversation
|
|
||
| <script type="text/javascript"> | ||
| if (window.location.hash) { | ||
| var buttons = document.querySelectorAll('div.theme-form-row a'); |
There was a problem hiding this comment.
| var buttons = document.querySelectorAll('div.theme-form-row a'); | |
| var buttons = document.querySelectorAll('div.theme-form-row a'); |
NIT: Can we make the selector more straightforward? Maybe we can add ID to the password button.
There was a problem hiding this comment.
Do you mean to only change the button that is linking to a password connector, or all connectors? I think this applies to all connectors. Because a press on any provider button will not include the url fragment, if not explicitly injected.
If you want to support all connectors, I can make it more specific by adding a class to the anchor elements "provider-anchor" and update the query selector to a.provider-anchor.
(edit: or maybe better to add an id attribute "providers" to the parent div and then use "#providers a")
Or do you have something else in mind?
There was a problem hiding this comment.
You are selecting div by a class, and I think more about selecting div by id or something.
getElementById('myId') or querySelectorAll('div#myId')
There was a problem hiding this comment.
Allright. I added id providers to the container div and now select all anchors found in the providers element using #providers a.
I cannot set unique id attribute on anchors because we loop through connectors. Unless we use the connector's identifier (if it exists) as id, with the downside we have to loop over these identifiers in javascript as well. To get these identifiers into javascript we will have to mix the template language and javascript, and this is asking for trouble if you ask me.
Let me know what you think
hvoort
force-pushed
the
fix-fragment-handling
branch
3 times, most recently
from
1b59612 to
f3ee31f
Compare
Signed-off-by: Huub van der Voort <github@hvdvoort.nl>
Signed-off-by: Huub van der Voort <github@hvdvoort.nl>
hvoort
force-pushed
the
fix-fragment-handling
branch
from
f3ee31f to
c35df8d
Compare
2 participants
Overview
Includes original URL fragment throughout auth process to keep it in the original redirect.
What this PR does / why we need it
Closes #4462
Including the URL fragment on the pages that do form posts to different URL (not to self) and anchor links to providers.
Special notes for your reviewer
What are implications of adding the hash to the URLs on the login.html page. Do some providers use the hash and if so this will mess up the url fragment. Maybe we should only add it to the password.html page.
Tested manually using the following flow:
./bin/dex serve examples/config-dev.yamlcd examples && go run ./example-apphttp://127.0.0.1:5555/click login#foobarto the URL and force refresh#foobarto the URL and force refreshadmin@example.comandpasswordand observe the fragment is still there after being redirected.