mc/mcias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: mc:v1.9.1
Branches Tags
mc:master
mc:v1.9.3 mc:v1.9.2 mc:v1.9.1 mc:v1.9.0 mc:clients/go/v0.2.0 mc:v1.8.0 mc:clients/go/v0.1.0 mc:v1.7.0 mc:v1.6.0 mc:v1.5.1 mc:v1.5.0 mc:v1.4.0 mc:v1.3.0 mc:v1.2.0 mc:v1.1.0 mc:v1.0.0
...
compare: mc:v1.9.2
Branches Tags
mc:master
mc:v1.9.3 mc:v1.9.2 mc:v1.9.1 mc:v1.9.0 mc:clients/go/v0.2.0 mc:v1.8.0 mc:clients/go/v0.1.0 mc:v1.7.0 mc:v1.6.0 mc:v1.5.1 mc:v1.5.0 mc:v1.4.0 mc:v1.3.0 mc:v1.2.0 mc:v1.1.0 mc:v1.0.0

1 Commits
v1.9.1 ... v1.9.2

Author SHA1 Message Date
Kyle Isom
4ed2cecec5 Fix SSO redirect failing with htmx login form 
The login form uses hx-post, so htmx sends the POST via fetch. A 302
redirect to the cross-origin service callback URL fails silently because
fetch follows the redirect but gets blocked by CORS. Use HX-Redirect
header instead, which tells htmx to perform a full page navigation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-30 17:32:44 -07:00
1 changed files with 8 additions and 0 deletions
Expand all files Collapse all files

8
internal/ui/handlers_auth.go
View File

@@ -211,6 +211,14 @@ func (u *UIServer) finishLogin(w http.ResponseWriter, r *http.Request, acct *mod
// SSO redirect flow: issue authorization code and redirect to service. // SSO redirect flow: issue authorization code and redirect to service.
if ssoNonce != "" { if ssoNonce != "" {
if callbackURL, ok := u.buildSSOCallback(r, ssoNonce, acct.ID); ok { if callbackURL, ok := u.buildSSOCallback(r, ssoNonce, acct.ID); ok {
// Security: htmx follows 302 redirects via fetch, which fails
// cross-origin (no CORS on the service callback). Use HX-Redirect
// so htmx performs a full page navigation instead.
if isHTMX(r) {
w.Header().Set("HX-Redirect", callbackURL)
w.WriteHeader(http.StatusOK)
return
}
http.Redirect(w, r, callbackURL, http.StatusFound) http.Redirect(w, r, callbackURL, http.StatusFound)
return return
} }