Jeff Storck created KNOX-1210: --------------------------------- Summary: SSOCookieProvider should detect expired SSO token Key: KNOX-1210 URL: https://issues.apache.org/jira/browse/KNOX-1210 Project: Apache Knox Issue Type: Bug Components: KnoxSSO Affects Versions: 0.14.0 Reporter: Jeff Storck
While proxying a UI that makes XHR (XMLHttpRequest) calls through Knox, if the SSO token expires, that request through Knox will be redirected to the KnoxSSO login page, which will be the response to the request itself. The UI that receives this response will attempt to parse it and fail, since it is not the expected response; it is the KnoxSSO login page itself. When a request is made with a {code}X-Requested-With{code} header set to {code}XMLHttpRequest{code} the SSOCookieProvider should check for SSO token expiry. If the token has not expired, the request should continue through to the proxied resource. If the token has expired, rather than redirecting to the KnoxSSO login page, a {code}401 Unauthorized{code} response should be returned. -- This message was sent by Atlassian JIRA (v7.6.3#76005)