fix(cli): enable documented .referrer redirect behavior #543
// The Production SWA service supports replacing `.referrer` with the current route, so that the user can redirected to a deep link after the authentication flow. | ||
// Since the route can contain a path with a query we will want to encode it and the `auth.html` page will need to decode it before changing the page. | ||
const redirectWithReferrerReplaced = rule.redirect.replace(".referrer", encodeURIComponent(req.url || "")) + "&decode_redirect=1"; | ||
res.setHeader("Location", redirectWithReferrerReplaced); |
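Review bot: `+ "&decode_redirect=1"` on the `redirectWithReferrerReplaced` line is appended to every redirect, including a `rule.redirect` that has no `.referrer` placeholder or no query string yet, which produces a target such as `/login&decode_redirect=1`. Do the replacement and the append only when `rule.redirect` contains `.referrer`, and pick `?` or `&` depending on whether the redirect already carries a query. The first comment line also reads "can redirected" and should say "can be redirected".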
Check warning
Code scanning / CodeQL
Server-side URL redirect
Thank you for submitting this fix @thsackos. Can you update the PR as per the requested changes and also make sure your commit message follows our guidelines? Thank you.
The documentation calls out user-defined redirect behavior using the .referrer parameter in the response override configuration. This PR enables the SWA CLI emulator to support that functionality. Fixes #542
@manekinekko Thanks, good ideas! Tested locally again. I don't understand the warnings above, do I need to change anything for XSS?
@thsackos no worries about these warnings. We can ignore them for this PR.
@@ -202,7 +202,8 @@ | |||
const urlSearch = (metaSearch || location.search).replace("?", ""); | |||
const urlQuery = urlSearch && Object.fromEntries(new Map(urlSearch.split("&").map((query) => query.split("=")))); | |||
const postLoginRedirectUri = urlQuery ? urlQuery["post_login_redirect_uri"] : redirectPath; | |||
window.location.href = postLoginRedirectUri || defaultRedirectPath; | |||
|
|||
window.location.href = decodeURIComponent(postLoginRedirectUri) || defaultRedirectPath; |
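Review bot: On the changed `window.location.href` line, `decodeURIComponent(postLoginRedirectUri)` returns the string "undefined" when `postLoginRedirectUri` is undefined, so `|| defaultRedirectPath` can no longer take effect and the page navigates to a relative `undefined` path. A malformed percent sequence in the parameter also throws `URIError` and stops the redirect altogether. Decode only when a value is present, wrap the call in try/catch with `defaultRedirectPath` as the fallback, and gate the decode on the `decode_redirect` flag that the server change appends, since the visible lines never read it.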
Check warning
Code scanning / CodeQL
Client-side cross-site scripting
@@ -202,7 +202,8 @@ | |||
const urlSearch = (metaSearch || location.search).replace("?", ""); | |||
const urlQuery = urlSearch && Object.fromEntries(new Map(urlSearch.split("&").map((query) => query.split("=")))); | |||
const postLoginRedirectUri = urlQuery ? urlQuery["post_login_redirect_uri"] : redirectPath; | |||
window.location.href = postLoginRedirectUri || defaultRedirectPath; | |||
|
|||
window.location.href = decodeURIComponent(postLoginRedirectUri) || defaultRedirectPath; |
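Review bot: `postLoginRedirectUri` comes straight from the query string and, on the changed line, is decoded and assigned to `window.location.href` with no check on scheme or host, which is what the CodeQL alerts attached to this line report. Before the assignment, accept only a site-relative path (a single leading `/` that resolves against `location.origin` to the same origin) and use `defaultRedirectPath` for anything else.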
Check warning
Code scanning / CodeQL
Client-side URL redirect
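One way to handle the `post_login_redirect_uri` value so that both CodeQL findings on the `auth.html` redirect are addressed, as an added example that is not code from this pull request or from the SWA CLI. The function name `safePostLoginPath` and the `ORIGIN` and `DEFAULT_PATH` values are assumptions made for the example; in the page it would be called with `location.origin` and `defaultRedirectPath`.

```javascript
// Added example, not project code. ORIGIN and DEFAULT_PATH are constructed
// stand-ins for location.origin and defaultRedirectPath.
const ORIGIN = "http://localhost:4280";
const DEFAULT_PATH = "/";

// Returns a same-origin path (with query and hash) or the fallback.
function safePostLoginPath(rawValue, origin = ORIGIN, fallback = DEFAULT_PATH) {
  // A missing parameter must fall back: decodeURIComponent(undefined)
  // would return the truthy string "undefined".
  if (typeof rawValue !== "string" || rawValue === "") return fallback;

  let decoded;
  try {
    decoded = decodeURIComponent(rawValue);
  } catch (e) {
    return fallback; // malformed percent-encoding throws URIError
  }

  // Accept only site-relative paths: one leading "/", not "//" or "/\"
  // (both are treated as scheme-relative by browsers). Control characters
  // and backslashes are rejected because URL parsing strips or rewrites them.
  if (!/^\/(?![\/\\])/.test(decoded)) return fallback;
  if (/[\u0000-\u001f\\]/.test(decoded)) return fallback;

  let target;
  try {
    target = new URL(decoded, origin);
  } catch (e) {
    return fallback;
  }

  // After resolution the target must still be on the expected origin.
  if (target.origin !== origin) return fallback;
  return target.pathname + target.search + target.hash;
}
```

Because the result is rebuilt from the parsed URL's path, query and hash, a `javascript:` or absolute URL can never reach `window.location.href`.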
@all-contributors add @thsackos code
I've put up a pull request to add @thsackos! 🎉
This is awesome! If I read this right this will handle querystring in the referrer as well? I'm hoping that SWAs will handle these as well at some point. Watching this issue intently:
commit 02fdb90 Author: Yohan Lasorsa <[email protected]> Date: Fri Dec 16 10:09:48 2022 +0100 fix: --api-devserver-url not working if --api-location not set (#523, #579) (#620) * fix: --api-devserver-url not working if --api-location not set (#523, #579) * docs: fix documentation regarding --api-devserver-url usage (#579) commit 7ecbae2 Author: Reshmi Sriram <[email protected]> Date: Thu Dec 15 13:10:12 2022 +0530 docs: Add firewall section to troubleshoot (#618) * Added firewall section * updated the message commit eee1263 Author: BeardinaSuit <[email protected]> Date: Sun Dec 11 23:54:32 2022 -0500 fix: handle new provider name when deploying (#617) commit 27ec687 Author: Stuart Leeks <[email protected]> Date: Tue Dec 6 09:40:07 2022 +0000 Fix typo (#605) fix: typo in CONTRIBUTING.md commit 9c43aa8 Author: Stuart Leeks <[email protected]> Date: Tue Dec 6 09:38:51 2022 +0000 Update title (#606) docs: In the doc content this is referred to as the "configuration file" and this feels like a more natural title commit 97e9461 Merge: 08ac26c ac6909a Author: Rupa Reddy <[email protected]> Date: Tue Dec 6 13:06:18 2022 +0530 Merge pull request #614 from Azure/origin/rupareddy/LoginCC fix(login): fixed short-form of --clear-credentials flag commit 08ac26c Merge: 2cd0e98 6d1ad19 Author: Rupa Reddy <[email protected]> Date: Tue Dec 6 12:59:29 2022 +0530 Merge pull request #613 from Azure/origin/rupareddy/FixRGName fix(deploy): create SWA in user-provided Resource Group commit 6d1ad19 Author: rupareddy5 <[email protected]> Date: Mon Dec 5 14:57:37 2022 +0530 fix: to fix the inability to create a SWA in user-mentioned resource group, changed all the resourceGroupName references to resourceGroup in the code to match with --resource-group flag. 
commit ac6909a Author: rupareddy5 <[email protected]> Date: Mon Dec 5 13:34:00 2022 +0530 fixed short-form of --clear-credentials flag commit ca856be Author: rupareddy5 <[email protected]> Date: Fri Dec 2 16:17:38 2022 +0530 create SWA in user-provided Resource Group commit 2cd0e98 Author: sgollapudi77 <[email protected]> Date: Wed Nov 9 11:32:46 2022 +0530 chore: upgrade dependency version to fix security vulnerability (#597) * chore: upgrade dependency version to fix security vulnerability * chore: upgrade integrity of package commit 3bdc5f1 Author: sgollapudi77 <[email protected]> Date: Sun Oct 9 16:34:22 2022 +0530 chore: bump into 1.0.4-alpha after release (#586) commit 5ab32a7 Merge: b4fbf3a a6f08e3 Author: Sulabh Upadhyay <[email protected]> Date: Fri Oct 7 14:15:35 2022 +0530 Merge pull request #585 from Azure/all-contributors/add-rupareddy5-21 docs: add rupareddy5-21 as a contributor for code commit a6f08e3 Author: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com> Date: Fri Oct 7 08:20:26 2022 +0000 docs: update .all-contributorsrc commit b461129 Author: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com> Date: Fri Oct 7 08:20:25 2022 +0000 docs: update docs/www/docs/contribute/3-contributors.md commit b4fbf3a Author: sgollapudi77 <[email protected]> Date: Fri Oct 7 12:51:28 2022 +0530 ci: Remove Node 12 from the testing matrix (#584) commit 4b0114b Author: sgollapudi77 <[email protected]> Date: Fri Oct 7 12:01:04 2022 +0530 chore: prep-release 1.0.3 (#583) commit 4af9624 Author: Wassim Chegham <[email protected]> Date: Fri Oct 7 07:30:23 2022 +0200 docs: update troubleshooting with explainer #576 (#581) commit 70c126e Author: Wassim Chegham <[email protected]> Date: Fri Oct 7 07:30:03 2022 +0200 docs: add valid azure regions for SWA (#582) * docs: add valid azure regions for SWA * docs: update azure regions commit 6004141 Author: Wassim Chegham <[email protected]> Date: Thu Oct 6 08:52:36 2022 +0200 
fix(core): match * glob in routes (#574) Fixes #569 commit d24df7a Author: Aaron Powell <[email protected]> Date: Thu Oct 6 17:51:46 2022 +1100 fix(api): bumping the node support to 18 for v4 functions (#564) commit 1fec77e Merge: 19c619b 2771906 Author: Rupa Reddy <[email protected]> Date: Thu Oct 6 11:38:36 2022 +0530 Merge pull request #577 from rupareddy5-21/main Updating deployment provider commit 2771906 Author: Rupa Reddy <[email protected]> Date: Thu Sep 29 16:34:22 2022 +0530 Updating Deployment provider commit 1b7fabd Author: Rupa Reddy <[email protected]> Date: Thu Sep 29 16:33:02 2022 +0530 updating Deployment provider commit 19c619b Author: Natalia Venditto <[email protected]> Date: Mon Sep 26 15:13:12 2022 +0200 docs: add default port for vite-based frameworks (#571) commit 47823b0 Merge: 06356c1 7e021c7 Author: Sulabh Upadhyay <[email protected]> Date: Fri Sep 16 15:05:06 2022 +0530 Merge pull request #560 from Azure/swa-start-perf-boost fix(start): keep connection open with http-proxy commit 06356c1 Author: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com> Date: Wed Sep 14 23:10:22 2022 +0530 docs: add thsackos as a contributor (#561) * docs: update docs/www/docs/contribute/3-contributors.md * docs: update .all-contributorsrc Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com> commit 8b7d725 Author: thsackos <[email protected]> Date: Wed Sep 14 06:13:25 2022 -0700 fix(cli): implement missing response override referrer behavior (#543) The documentation calls out user-defined redirect behavior using the .referrer parameter in the response override configuration. This PR enables the SWA CLI emulator to support that functionality. Fixes #542 commit 7e021c7 Author: Wassim Chegham <[email protected]> Date: Wed Sep 14 12:19:03 2022 +0200 fix(start): keep connection open with http-proxy
Tested locally. This fixes the problem described in #542