[jira] [Commented] (NIFI-7033) wrong redirect from login/logout page when behind a custom url prefix/context

Fri, 02 Oct 2020 10:52:13 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-7033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17206381#comment-17206381
 ] 

John Gibson commented on NIFI-7033:
-----------------------------------

I just experienced this as well with both NiFi 1.12.0 and 1.12.1 when running 
on CentOS 7 when behind Apache HTTPD as a reverse proxy.

> wrong redirect from login/logout page when behind a custom url prefix/context
> -----------------------------------------------------------------------------
>
>                 Key: NIFI-7033
>                 URL: https://issues.apache.org/jira/browse/NIFI-7033
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core UI
>    Affects Versions: 1.10.0
>         Environment: NiFi official Docker Container, behind HAProxy, RHEL 
> 7.6, Docker 18.06.0-ce
>            Reporter: Rastislav Krist
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Login/logout pages don't redirect properly when NiFi is deployed on a custom 
> URL prefix (context). For example when deploying NiFi on custom URL like 
> [https://nifi-host/mynifi|https://nifi-host/mynifi,] (using HAPROXY, setting 
> nifi.web.proxy.host=mynifi), UI works perfectly (via 
> [https://nifi-host/mynifi/nifi/|https://nifi-host/mynifi,]). Problem is with 
> login/logout pages, which both don't seem to honor X-ProxyContextPath and 
> after successfull login/logout they both redirect to 
> [https://nifi-host/nifi|https://nifi-host/mynifi,].
> After some investigations made, the problem on login page seems to be in 
> nf-login.js containing hardcoded url in lines 121-125:
> {code:java}
> if (accessStatus.status === 'ACTIVE') {
>     // reload as appropriate - no need to schedule token refresh as the page 
> is reloading
>     if (top !== window) {
>         parent.window.location = '/nifi';
>     } else {
>         window.location = '/nifi';
>     }
> } else {
> ...
> {code}
> where on logout page, redirect url is composed purely using 
> HttpServletResponse in LogoutFilter.java, 53 (without examining 
> X-ProxyContextPath):
> {code:java}
> ((HttpServletResponse) response).sendRedirect("login");
> {code}
> Found a similar issue with OpenID fixed few version ago, I am not sure if it 
> is somehow related: NIFI-5237
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to