mc/mcdsl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix SSO return-to redirect loop

Browse Source 
SetReturnToCookie stored /sso/redirect as the return-to path,
causing a redirect loop after successful SSO login: the callback
would redirect back to /sso/redirect instead of /. Filter all
/sso/* paths, not just /sso/callback.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Kyle Isom
2026-03-31 14:54:55 -07:00
parent 8561b34451
commit bcab16f2bf
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
sso/sso.go
View File

@@ -229,7 +229,7 @@ func ValidateStateCookie(w http.ResponseWriter, r *http.Request, prefix, querySt
// redirect back to it after SSO login completes. // redirect back to it after SSO login completes.
func SetReturnToCookie(w http.ResponseWriter, r *http.Request, prefix string) { func SetReturnToCookie(w http.ResponseWriter, r *http.Request, prefix string) {
path := r.URL.Path path := r.URL.Path
if path == "" || path == "/login" || path == "/sso/callback" { if path == "" || path == "/login" || strings.HasPrefix(path, "/sso/") {
path = "/" path = "/"
} }
http.SetCookie(w, &http.Cookie{ http.SetCookie(w, &http.Cookie{

2
sso/sso_test.go
View File

@@ -193,7 +193,7 @@ func TestReturnToDefaultsToRoot(t *testing.T) {
} }
func TestReturnToSkipsLoginPaths(t *testing.T) { func TestReturnToSkipsLoginPaths(t *testing.T) {
for _, p := range []string{"/login", "/sso/callback"} { for _, p := range []string{"/login", "/sso/callback", "/sso/redirect"} {
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
req := httptest.NewRequest(http.MethodGet, p, nil) req := httptest.NewRequest(http.MethodGet, p, nil)
SetReturnToCookie(rec, req, "mcr") SetReturnToCookie(rec, req, "mcr")