Using "OIDCPreservePost On" makes initial unauthenticated post request leak to application #951
Unanswered
patrikbjork
asked this question in
Q&A
Replies: 1 comment 8 replies
-
if application logs refers to the Apache logs, then that is the intended behaviour; the initial POST is intercepted, the authentication flow is done and then a Javsacript autosubmit page is presented to the browser; in the logs it would see
|
Beta Was this translation helpful? Give feedback.
8 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
When I make an unauthenticated (post) request to my application all seems to work fine. I'm redirected to IDP login page, enter credentials and the post is preserved correctly. However, I can see in my application logs that a post request is made on my initial request. The leaked request doesn't have any post parameters, but it still is a post request. This can't be an intended behavior, is it? Should I file an issue?
Beta Was this translation helpful? Give feedback.
All reactions