[ https://issues.apache.org/jira/browse/OFBIZ-12620?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17543936#comment-17543936 ]
Nicolas Malin commented on OFBIZ-12620:
---------------------------------------

[~jleroux] after analyzing the problem, I succeeded in reproducing the error.

This code works well on customer site, the problem comes from the directive *ProxyErrorOverride On* present on the httpd ajp proxy. With this, the httpd server overrides the error 401 sent by tomcat.

Do you prefer that I roll back the code, or that I ask the infra to improve the configuration to *ProxyErrorOverride On* *503*?

> Redirect unauthenticated user to login on AJAX calls
> ----------------------------------------------------
>
> Key: OFBIZ-12620
> URL: https://issues.apache.org/jira/browse/OFBIZ-12620
> Project: OFBiz
> Issue Type: Improvement
> Components: framework/webapp, themes
> Affects Versions: 22.01.01, Upcoming Branch
> Reporter: Florian Motteau
> Assignee: Nicolas Malin
> Priority: Major
> Fix For: 22.01.01
>
> Attachments: OFBIZ-12620.patch, Peek 18-05-2022 15-37.mp4, image-2022-05-18-14-47-09-659.png
>
>
> Use case :
> * log in,
> * open a second browser tab (so both tabs are authenticated),
> * in first tab, open a page, where a link opens a modal, the modal content is fetched through AJAX when user clicks the link,
> * log out in second tab,
> * in first tab, click on the link, the AJAX request fires, but returns nothing with a status 200, which results in a white modal without any user feedback.
>
> Example : `/workeffort/control/EditWorkEffortRates?workEffortId=PrivateDemoEmployee`
> !image-2022-05-18-14-47-09-659.png|width=218,height=124!
> This patch does 3 things to improve this behavior :
> * return an HTTP status code 401 (Unauthorized) in LoginWorker::checkLogin if user is not authenticated (no more 200),
> * in common-theme, OfbizUtil.js, on AJAX calls handler, if the request fails with a 401 status code, reload current page (so we land on login form instead of being stuck in a blank modal) with a new search param `clickOn` containing the id of the link that triggered the AJAX call,
> * on page load, if `clickOn` search parameter exists, trigger a click event on the link, so the initial modal pops in after a successful login
>
> As a result, if the user tries to open an AJAX-based modal while unauthenticated, here is what happens :
> * modal opens,
> * user is immediately redirected to the page he was, which will be filled with login form
> * after successful login, page is reloaded (no change here), and the modal is re-opened
>
> [^Peek 18-05-2022 15-37.mp4]

--
This message was sent by Atlassian Jira (v8.20.7#820007)
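
The client-side flow listed in the issue description (reload on a 401 with `clickOn`, then re-click the link after login), as an added example that is not the OFBIZ-12620 patch or OfbizUtil.js code. The function names, the id pattern and the link-only check are assumptions; `clickOn` is handled as untrusted URL input.

```javascript
// Added example; names and the id pattern are assumptions, not OFBiz code.
const CLICK_ON = "clickOn";                     // search parameter named in the issue
const ID_PATTERN = /^[A-Za-z][\w:.-]{0,127}$/;  // assumed shape of a link id

// On a failed AJAX call: return the URL to reload, or null if no reload applies.
function reloadUrlForFailure(status, currentHref, triggerId) {
  if (status !== 401) return null;              // only "not authenticated" reloads
  const url = new URL(currentHref);
  url.searchParams.delete(CLICK_ON);            // never stack a stale value
  if (typeof triggerId === "string" && ID_PATTERN.test(triggerId)) {
    url.searchParams.set(CLICK_ON, triggerId);
  }
  return url.toString();
}

// On page load: extract the id to click and the URL with the parameter removed.
function consumeClickOn(currentHref) {
  const url = new URL(currentHref);
  const raw = url.searchParams.get(CLICK_ON);
  url.searchParams.delete(CLICK_ON);
  const id = raw !== null && ID_PATTERN.test(raw) ? raw : null;
  return { id, cleanedHref: url.toString() };
}

// Browser wiring. getElementById takes the id as a literal string, not a selector.
function reopenModalOnLoad(win) {
  const { id, cleanedHref } = consumeClickOn(win.location.href);
  if (id === null) return false;
  win.history.replaceState(null, "", cleanedHref); // a later refresh does not re-click
  const el = win.document.getElementById(id);
  if (!el || el.tagName !== "A") return false;     // assumed: only links open modals
  el.click();
  return true;
}
```

In a page, `reopenModalOnLoad(window)` would run once the DOM is ready, and the AJAX error handler would assign the result of `reloadUrlForFailure` to `window.location` when it is not null.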