Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-23246

URL fragment in redirect URI lost in authentication filter

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 8.10-HF17, 9.3
    • Component/s: Authentication

      Description

      URL fragments (anything to the right of #) is meant to be handled client side, not passed to the remote web server. Work done in NXP-20366 updates the requestedUrl login parameter in the login form client side to explicitly include the fragment. Other authentication plugins however will loose the fragment as it is not send to the server who stores this URL and performs the redirect.

        Attachments

          Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. NXP-30083 Fix CAS authentication anonymous client change of behavior introduced with NXP-23246

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NXP-25500 Infinite redirect loop and inconsistent behavior when using Anonymous user

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. NXP-24824 Correct mobile redirect (open in app) to allow opening the right document

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NXP-23247 Login provider links do not take URL fragment into account

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NXP-23495 Returns proper HTTP error response when requesting a token with invalid credentials

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NXP-23517 Link to a document: Redirect to document after login

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NXP-23512 Enable the Drive Edit action regardless of the Nuxeo Drive token application name's encoding

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NXP-23564 Unnecessary decode of 'requestUrl' request parameter

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is required by

          Bug - A problem which impairs or prevents the functions of the product. NXMOB-411 Cannot authenticate through OAuth2

          • Blocker - Blocks development and/or testing work, production could not run.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NXP-22760 Using Direct link with WebUI and SAML2 does not work

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 days
                  3d