Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CAS CORS issue on logout in MW 1.35 #15

Open
adamfranco opened this issue Jun 22, 2021 · 0 comments
Open

CAS CORS issue on logout in MW 1.35 #15

adamfranco opened this issue Jun 22, 2021 · 0 comments

Comments

@adamfranco
Copy link

Hi folks, we recently upgraded from MediaWiki 1.31 LTS to 1.35 LTS and ran into a problem with CAS logouts due to MW1.35's change to using an AJAX post for logout rather than the default link following behavior. This new behavior was added in https://phabricator.wikimedia.org/T222626 . This may not be an issue for others if your CAS server sets CORS headers that allow the /cas/logout path to be accessed as part of AJAX requests, but our currently doesn't.

The work-around I ended up using is to comment out the Javascript code in MediaWiki that takes over the interaction for the logout link. This makes logout a two-click process, but one that has the benefit of not failing with CORS errors.

diff --git a/mediawiki/resources/src/mediawiki.page.ready/ready.js b/mediawiki/resources/src/mediawiki.page.ready/ready.j
index 6acffdf..a6f19a6 100644
--- a/mediawiki/resources/src/mediawiki.page.ready/ready.js
+++ b/mediawiki/resources/src/mediawiki.page.ready/ready.js
@@ -67,6 +67,12 @@ $( function () {
                e.preventDefault();
        } );
 
+/*
+       // Commented out by Adam Franco 2021-06-22 to avoid CORS issues with sending
+       // the CAS logout request via AJAX rather than a full client redirect.
+       // This code to turn the logout link into an AJAX POST was added in:
+       // https://phabricator.wikimedia.org/T222626
+
        // Turn logout to a POST action
        $( '#pt-logout a[data-mw="interface"]' ).on( 'click', function ( e ) {
                var api = new mw.Api(),
@@ -90,6 +96,7 @@ $( function () {
                );
                e.preventDefault();
        } );
+*/
 } );
 
 /**

If anyone has suggestions for alternate fixes that don't involve modifying the CAS server I'd be interested in hearing your ideas.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant