[Koha-bugs] [Bug 34164] OAuth2/OIDC should redirect to page that initiated login

bugzilla-daemon at bugs.koha-community.org
Fri Jun 30 05:52:03 CEST 2023


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34164

--- Comment #1 from David Cook <dcook at prosentient.com.au> ---
(In reply to David Cook from comment #0)
> However, all we need to do is save the current path in the user's session,
> and then recall it after the successful login.

No, not the current path, because that's the path to the API.

We either need to save the path of the previous request, or we need to use the
HTTP_REFERER, which is problematic since it's a user-provided HTTP header. 

We can validate the URL in the HTTP_REFERER, although if you initiated a login
from "/cgi-bin/koha/opac-main.pl?logout.x=1" then you'd be redirected to a
logout page.

But we can't leave off the query string because sometimes you'd want to be
redirected to "/cgi-bin/koha/opac-detail.pl?biblionumber=29" for instance.

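The checks discussed in the comment above, as an added example that is not part of the original mail or of Koha's code (written in Python as a language-neutral sketch rather than Koha's Perl): it validates a Referer value, keeps the query string, and drops the parameter that would trigger a logout. The origin, fallback page, path prefix and the `safe_return_path` name are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed values for illustration; none of these come from the bug report.
ALLOWED_ORIGIN = ("https", "opac.example.org")  # scheme and host[:port] of this site
FALLBACK = "/cgi-bin/koha/opac-main.pl"         # used whenever the Referer is rejected
ALLOWED_PREFIX = "/cgi-bin/koha/"               # excludes the API path that handled the login
STRIP_PARAMS = {"logout.x"}                     # parameters that trigger an action on load


def safe_return_path(referer):
    """Turn an untrusted Referer header into a same-site relative redirect target."""
    # Missing header, or characters that browsers and parsers treat inconsistently.
    if not referer or any(c in referer for c in "\\\r\n\t"):
        return FALLBACK
    try:
        parts = urlsplit(referer)
    except ValueError:
        return FALLBACK
    # Exact origin match; "opac.example.org@other.host" fails because the
    # whole netloc (userinfo included) is compared.
    if (parts.scheme.lower(), parts.netloc.lower()) != ALLOWED_ORIGIN:
        return FALLBACK
    path = parts.path
    if not path.startswith(ALLOWED_PREFIX) or "//" in path or ".." in path:
        return FALLBACK
    # Keep the query string (opac-detail.pl needs biblionumber), minus
    # parameters that would act on the session after redirect.
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in STRIP_PARAMS]
    query = urlencode(kept)
    # Only path and query are returned, so the host never reaches the
    # Location header and the fragment is dropped.
    return path + ("?" + query if query else "")


if __name__ == "__main__":
    # Constructed sample Referer values.
    for sample in (
        "https://opac.example.org/cgi-bin/koha/opac-detail.pl?biblionumber=29",
        "https://opac.example.org/cgi-bin/koha/opac-main.pl?logout.x=1",
        "https://other.example/cgi-bin/koha/opac-main.pl",
    ):
        print(sample, "->", safe_return_path(sample))
```

Storing the returned path in the server-side session before the OAuth2/OIDC redirect, rather than carrying it through the identity provider, keeps the value out of the user's hands between validation and use.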