You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Andrew M. Lim (Jira)" <ji...@apache.org> on 2021/11/02 21:49:00 UTC
[jira] [Assigned] (NIFI-7033) wrong redirect from login/logout page
when behind a custom url prefix/context
[ https://issues.apache.org/jira/browse/NIFI-7033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew M. Lim reassigned NIFI-7033:
-----------------------------------
Assignee: David Handermann
> wrong redirect from login/logout page when behind a custom url prefix/context
> -----------------------------------------------------------------------------
>
> Key: NIFI-7033
> URL: https://issues.apache.org/jira/browse/NIFI-7033
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
> Affects Versions: 1.10.0, 1.14.0
> Environment: NiFi official Docker Container, behind HAProxy, RHEL 7.6, Docker 18.06.0-ce
> Reporter: Rastislav Krist
> Assignee: David Handermann
> Priority: Major
> Fix For: 1.15.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Login/logout pages don't redirect properly when NiFi is deployed on a custom URL prefix (context). For example when deploying NiFi on custom URL like [https://nifi-host/mynifi|https://nifi-host/mynifi,] (using HAPROXY, setting nifi.web.proxy.host=mynifi), UI works perfectly (via [https://nifi-host/mynifi/nifi/|https://nifi-host/mynifi,]). Problem is with login/logout pages, which both don't seem to honor X-ProxyContextPath and after successfull login/logout they both redirect to [https://nifi-host/nifi|https://nifi-host/mynifi,].
> After some investigations made, the problem on login page seems to be in nf-login.js containing hardcoded url in lines 121-125:
> {code:java}
> if (accessStatus.status === 'ACTIVE') {
> // reload as appropriate - no need to schedule token refresh as the page is reloading
> if (top !== window) {
> parent.window.location = '/nifi';
> } else {
> window.location = '/nifi';
> }
> } else {
> ...
> {code}
> where on logout page, redirect url is composed purely using HttpServletResponse in LogoutFilter.java, 53 (without examining X-ProxyContextPath):
> {code:java}
> ((HttpServletResponse) response).sendRedirect("login");
> {code}
> Found a similar issue with OpenID fixed few version ago, I am not sure if it is somehow related: NIFI-5237
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)