How to force auth redirect #950
Replies: 1 comment
-
Is it possible this is the situation I am running into? So I have a SPA using Angular. so in testing this auth failure I restart apache which will kill the session. My thought was that I would send the user directly to the auth page again without the need to refresh. But maybe the discussion above is saying that is not valid. My only recourse would be maybe to redirect the user to a page saying they have been logged out. Would a full page refresh be the only option at that point? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
In reading the documentation in the auth_openidc.conf I'm trying to force an XML HTTP request that is no longer authenticated to redirect to authentication.
But now I get the error
Access to XMLHttpRequest at 'https://login.windows.net/{tenant}/oauth2/authorize?response_type=code&scope=openid%20email%20profile%20offline_access&client_id={BLAH}&redirect_uri=https%3A%2F%2Fserver%3A38080%2Fsecure%2Fredirect%3Finfo%3Djson%26access_token_refresh_interval%3D60&nonce=BLAH' (redirected from 'https://server:8080/web/some/resources/v1.0/blah') from origin 'https://server:38080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
My question is that I'm struggling with CORS and first I want to make sure this is something that is valid. I added the following configs to my VirtualHost in an effort to just see if it's possible, but it doesn't seem to help.
Header always set Access-Control-Allow-Credentials: true
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, access-control-allow-origin"
Do you have any insight? It seems like this same thing is happening when I initially try to launch the page and the library redirects me, the difference is the XML request.
Beta Was this translation helpful? Give feedback.
All reactions