You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi folks, we recently upgraded from MediaWiki 1.31 LTS to 1.35 LTS and ran into a problem with CAS logouts due to MW1.35's change to using an AJAX post for logout rather than the default link following behavior. This new behavior was added in https://phabricator.wikimedia.org/T222626 . This may not be an issue for others if your CAS server sets CORS headers that allow the /cas/logout path to be accessed as part of AJAX requests, but our currently doesn't.
The work-around I ended up using is to comment out the Javascript code in MediaWiki that takes over the interaction for the logout link. This makes logout a two-click process, but one that has the benefit of not failing with CORS errors.
diff --git a/mediawiki/resources/src/mediawiki.page.ready/ready.js b/mediawiki/resources/src/mediawiki.page.ready/ready.j
index 6acffdf..a6f19a6 100644
--- a/mediawiki/resources/src/mediawiki.page.ready/ready.js
+++ b/mediawiki/resources/src/mediawiki.page.ready/ready.js
@@ -67,6 +67,12 @@ $( function () {
e.preventDefault();
} );
+/*
+ // Commented out by Adam Franco 2021-06-22 to avoid CORS issues with sending
+ // the CAS logout request via AJAX rather than a full client redirect.
+ // This code to turn the logout link into an AJAX POST was added in:
+ // https://phabricator.wikimedia.org/T222626
+
// Turn logout to a POST action
$( '#pt-logout a[data-mw="interface"]' ).on( 'click', function ( e ) {
var api = new mw.Api(),
@@ -90,6 +96,7 @@ $( function () {
);
e.preventDefault();
} );
+*/
} );
/**
If anyone has suggestions for alternate fixes that don't involve modifying the CAS server I'd be interested in hearing your ideas.
The text was updated successfully, but these errors were encountered:
Hi folks, we recently upgraded from MediaWiki 1.31 LTS to 1.35 LTS and ran into a problem with CAS logouts due to MW1.35's change to using an AJAX post for logout rather than the default link following behavior. This new behavior was added in https://phabricator.wikimedia.org/T222626 . This may not be an issue for others if your CAS server sets CORS headers that allow the
/cas/logout
path to be accessed as part of AJAX requests, but our currently doesn't.The work-around I ended up using is to comment out the Javascript code in MediaWiki that takes over the interaction for the logout link. This makes logout a two-click process, but one that has the benefit of not failing with CORS errors.
If anyone has suggestions for alternate fixes that don't involve modifying the CAS server I'd be interested in hearing your ideas.
The text was updated successfully, but these errors were encountered: