Hi,

I'm using CAS 6.1.6 and found a weird issue.

When there is a URL fragment in the CAS client service parameter (like
https://example.com/cas/callback#/some_fragment),
CAS rewrites the POST action URL with an extra URL fragment,
and the user is finally redirected to the invalid URL below:
https://example.com/cas/callback#/some_fragment#/some_fragment

Though CAS returns the correct redirect response header (without the URL fragment,
https://example.com/cas/callback), the browser keeps the URL fragment by its own
mechanism, which results in accessing
https://example.com/cas/callback#/some_fragment#/some_fragment

In my investigation, the preserveAnchorTagOnForm function in
cas.js (https://github.com/apereo/cas/blob/6.1.x/webapp/cas-server-webapp-resources/src/main/resources/static/js/cas.js#L40)
adds the extra URL fragment and causes this behavior.

I don't know the CAS protocol deeply; which of these is correct?
- This is a bug.
- Service url should not include url fragment.
- Or another issue exists.

I overwrote the preserveAnchorTagOnForm function as below and it worked.
Is this modification suitable?
If it is, I'd like to create a pull request against master or a suitable
branch.

function preserveAnchorTagOnForm() {
    $('#fm1').submit(function () {
        var location = self.document.location;
        // Fragment of the current page, normalized to start with '#'
        var hash = decodeURIComponent(location.hash);
        if (hash != undefined && hash != '' && hash.indexOf('#') === -1) {
            hash = '#' + hash;
        }

        var action = $('#fm1').attr('action');
        if (action == undefined) {
            action = location.href;
        } else {
            var qidx = location.href.indexOf('?');
            if (qidx != -1) {
                var hidx = location.href.indexOf('#');
                var queryParams = location.href.substring(qidx);
                if (hidx > 0) { // when # exists, queryParams should not include hash
                    queryParams = location.href.substring(qidx, hidx);
                }
                action += queryParams;
            }
        }
        // Append the fragment once, after the query string
        action += hash;
        $('#fm1').attr('action', action);
        return true; // let the form submission proceed
    });
}


Thank you
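
Added example, not part of the original message and not CAS project code: the action-URL computation as a pure function that appends the page's query string and fragment once each, including when the form has no action attribute or when a `?` appears inside the fragment. `splitUrl` and `buildFormAction` are hypothetical names, and appending the fragment verbatim instead of decoding it is an assumption of this example.

```javascript
// Added example (not CAS project code). splitUrl and buildFormAction are
// hypothetical helper names chosen for illustration.

// Split a URL string into base, query ("?..." or "") and fragment ("#..." or "").
// The fragment starts at the first '#'; a '?' after it belongs to the fragment.
function splitUrl(url) {
    var hidx = url.indexOf('#');
    var fragment = hidx === -1 ? '' : url.substring(hidx);
    var rest = hidx === -1 ? url : url.substring(0, hidx);
    var qidx = rest.indexOf('?');
    return {
        base: qidx === -1 ? rest : rest.substring(0, qidx),
        query: qidx === -1 ? '' : rest.substring(qidx),
        fragment: fragment
    };
}

// Compute the login form's action so that the page's query string and
// fragment each appear exactly once, whichever branch supplies the base URL.
function buildFormAction(action, href) {
    var page = splitUrl(href);
    // A lone "#" carries no information, so it is dropped.
    // Assumption: the fragment is appended verbatim, not decoded.
    var fragment = page.fragment === '#' ? '' : page.fragment;
    if (action === undefined || action === null || action === '') {
        // No action attribute: post back to the current page.
        return page.base + page.query + fragment;
    }
    var target = splitUrl(action);
    // Keep a query the action already carries; otherwise reuse the page's.
    var query = target.query !== '' ? target.query : page.query;
    // Any fragment on the action itself is replaced by the page's fragment.
    return target.base + query + fragment;
}
```

Inside the submit handler this would be applied as `$('#fm1').attr('action', buildFormAction($('#fm1').attr('action'), location.href))`.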

