Skip to content

Commit

Permalink
fix: prevent multiple redirections to post logout url (#3366)
Browse files Browse the repository at this point in the history
Closes #3342
  • Loading branch information
CGNonofr authored Dec 5, 2022
1 parent 2986605 commit 50666b9
Showing 1 changed file with 21 additions and 4 deletions.
25 changes: 21 additions & 4 deletions oauth2/handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -141,23 +141,40 @@ func (h *Handler) performOidcFrontOrBackChannelLogout(w http.ResponseWriter, r *
var total = {{ len .FrontChannelLogoutURLs }};
var redir = {{ .RedirectTo }};
var timeouts = [];
var redirected = false;
// Cancel all pending timeouts to avoid to call the frontchannel multiple times.
window.onbeforeunload = () => {
redirected = true;
for (var i=0; i<timeouts.length; i++) {
clearTimeout(timeouts[i]);
}
timeouts = [];
};
function setAndRegisterTimeout(fct, duration) {
if (redirected) {
return;
}
timeouts.push(setTimeout(fct, duration));
}
function redirect() {
window.location.replace(redir);
// In case replace failed try href
setTimeout(function () {
setAndRegisterTimeout(function () {
window.location.href = redir;
}, 250); // Show message after http-equiv="refresh"
}, 250);
}
function done() {
total--;
if (total < 1) {
setTimeout(redirect, 500);
setAndRegisterTimeout(redirect, 500);
}
}
setTimeout(redirect, 7000); // redirect after 5 seconds if e.g. an iframe doesn't load
setAndRegisterTimeout(redirect, 7000); // redirect after 7 seconds if e.g. an iframe doesn't load
// If the redirect takes unusually long, show a message
setTimeout(function () {
Expand Down

0 comments on commit 50666b9

Please sign in to comment.