[GitHub] [guacamole-client] necouchman commented on pull request #573: GUACAMOLE-680: Implement a guaranteed logout handler hook

[GitBox <gi...@apache.org>]

necouchman commented on pull request #573:
URL: https://github.com/apache/guacamole-client/pull/573#issuecomment-722628449


   Thanks @knacktim - Overall I like this approach, but am curious what @mike-jumper has to say about it.
   
   I do have a couple of concerns:
   * I wonder if there is some other/better way to handle the case where a reload/redirect by a login handler causes the remaining ones to not be processed. It seems like just noting that in the documentation of the function could be confusing when it gets to the admin level and one or more modules (SSO logout, for example) causes another one to fail to actually run. I don't have any great ideas for how to handle that, so curious if we can brainstorm up some possible alternatives.
   * I don't know if there's any level of sanity checks we should do on the registered functions to make sure that they don't get abused - purposely or inadvertently - to do bad things to the users' browsers? Again, I don't have any great ideas, here, just seems like blindly running whatever function is passed in might be asking for exploitation down the line somewhere...


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org