github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-08 09:27:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(router/frontchannellogout): do not write response headers before clearing cookies

Browse Source
This commit is contained in:
Trong Huu Nguyen
2022-01-07 11:12:34 +01:00
parent 05e2509fac
commit a4461ad294
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/router/handler_frontchannellogout.go
View File

@@ -8,9 +8,6 @@ import (
// FrontChannelLogout triggers logout triggered by a third-party.
func (h *Handler) FrontChannelLogout(w http.ResponseWriter, r *http.Request) {
// Unconditionally return HTTP 200 OK
w.WriteHeader(http.StatusOK)
params := r.URL.Query()
sid := params.Get("sid")
@@ -20,6 +17,7 @@ func (h *Handler) FrontChannelLogout(w http.ResponseWriter, r *http.Request) {
if len(sid) == 0 {
log.Info("sid parameter not set in request; ignoring")
h.DeleteSessionFallback(w, r)
w.WriteHeader(http.StatusOK)
return
}
@@ -30,4 +28,6 @@ func (h *Handler) FrontChannelLogout(w http.ResponseWriter, r *http.Request) {
log.Error(err)
// Session is already destroyed at the OP and is highly unlikely to be used again.
}
w.WriteHeader(http.StatusOK)
}