Redirect with url fragment issue
33 views
Skip to first unread message
Shota Aratono
Aug 5, 2020, 4:03:45 AM8/5/20
to CAS Community
Hi,
I'm using CAS6.1.6 and found weird issue.
When there is url fragment in CAS client service parameter, (like https://example.com/cas/callback#/some_fragment)
CAS rewrites post action url with extra url fragment.
And finally user redirected to invalid url below. https://example.com/cas/callback#/some_fragment#/some_fragment .
Though CAS returns correct redirect response header(without url fragment, https://example.com/cas/callback), browser keeps url fragment by its mechanism and result to access https://example.com/cas/callback#/some_fragment#/some_fragment
In my investigation, preserveAnchorTagOnForm function in cas.js(https://github.com/apereo/cas/blob/6.1.x/webapp/cas-server-webapp-resources/src/main/resources/static/js/cas.js#L40)
adds extra url fragment and causes this behavior.
I don't know deeply about CAS protocol, what does correct?
- This is a bug.
- Service url should not include url fragment.
- Or another issue exists.
I overwrite preserveAnchorTagOnForm function below and worked.
Does this modification is suitable?
If it does, I'd like to create Pull request against master or suitable branch.
function preserveAnchorTagOnForm() {
$('#fm1').submit(function () {
var location = self.document.location;
var hash = decodeURIComponent(location.hash);
if (hash != undefined && hash != '' && hash.indexOf('#') === -1) {
hash = '#' + hash;
}
var action = $('#fm1').attr('action');
if (action == undefined) {
action = location.href;
} else {
var qidx = location.href.indexOf('?');
if (qidx != -1) {
var hidx = location.href.indexOf('#');
var queryParams = location.href.substring(qidx);
if (hidx > 0) { // when # exists, queryParams should not include hash
queryParams = location.href.substring(qidx, hidx);
}
action += queryParams;
}
}
action += hash;
$('#fm1').attr('action', action);
a;
});
}
Thank you
Reply all
Reply to author
Forward
0 new messages