mirror of
https://github.com/YunoHost/SSOwat.git
synced 2024-09-03 20:06:27 +02:00
[fix] Force back_url to use HTTPS (#93)
This commit is contained in:
parent
1bf64408c9
commit
d38d5e3d29
1 changed files with 11 additions and 2 deletions
13
access.lua
13
access.lua
|
@ -391,6 +391,15 @@ end
|
||||||
-- The default is to protect every URL by default.
|
-- The default is to protect every URL by default.
|
||||||
--
|
--
|
||||||
|
|
||||||
hlp.flash("info", hlp.t("please_login"))
|
-- Only display this if HTTPS. For HTTP, we can't know if the user really is
|
||||||
local back_url = ngx.var.scheme .. "://" .. ngx.var.host .. ngx.var.uri .. hlp.uri_args_string()
|
-- logged in or not, because the cookie is available only in HTTP...
|
||||||
|
if ngx.var.scheme == "https" then
|
||||||
|
hlp.flash("info", hlp.t("please_login"))
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Force the scheme to HTTPS. This is to avoid an issue with redirection loop
|
||||||
|
-- when trying to access http://main.domain.tld/ (SSOwat finds that user aint
|
||||||
|
-- logged in, therefore redirects to SSO, which redirects to the back_url, which
|
||||||
|
-- redirect to SSO, ..)
|
||||||
|
local back_url = "https://" .. ngx.var.host .. ngx.var.uri .. hlp.uri_args_string()
|
||||||
return hlp.redirect(conf.portal_url.."?r="..ngx.encode_base64(back_url))
|
return hlp.redirect(conf.portal_url.."?r="..ngx.encode_base64(back_url))
|
||||||
|
|
Loading…
Reference in a new issue