fix(logout): use NEXT_PUBLIC_LOGOUT_REDIRECT_URL env, drop hostname regex#17
Closed
awais786 wants to merge 1 commit into
Closed
fix(logout): use NEXT_PUBLIC_LOGOUT_REDIRECT_URL env, drop hostname regex#17awais786 wants to merge 1 commit into
awais786 wants to merge 1 commit into
Conversation
The logout redirect was deriving the portal host from window.location.hostname via regex. Three different regexes have shipped across branches, and none cover both deployment shapes: foss-research.arbisoft.com → foss.arbisoft.com (prod, "<app>-<smb>.<domain>") research.foss.arbisoft.com → foss.arbisoft.com (sandbox, "<app>.<smb>.<domain>") Recent regex `/^[^.]+\.(?=[^.]*\.[^.]*\.)/` works for sandbox but silently no-ops on prod (3-label hostname) → user stays on the app host → ForwardAuth re-auth loop. Older regex `/^[^.]*\./, "foss."` works for prod but produces `foss.foss.arbisoft.com` on sandbox. The build/deploy pipeline already passes the right URL via `NEXT_PUBLIC_LOGOUT_REDIRECT_URL` (see foss-server-bundle-devstack Makefile dev.build.surfsense.web — `--build-arg NEXT_PUBLIC_LOGOUT_REDIRECT_URL="https://$SMB_NAME.$PLATFORM_DOMAIN"`). Read it directly. Hostname inspection is no longer involved, so the same image works for any layout the deployer configures. If the env var is unset, log and bail out instead of redirecting to a broken URL — surfaces misconfig immediately.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Symptom (sandbox)
On `https://research.foss.arbisoft.com\` → logout currently redirects to `https://foss.foss.arbisoft.com/\` (older regex `/^[^.]./, "foss."`) or stays on the same host and re-auths (newer regex `/^[^.]+\.(?=[^.]\.[^.]*\.)/`).
Why regex doesn't cut it
The deployer knows the portal URL. The SPA shouldn't try to guess.
Build wiring already exists
`foss-server-bundle-devstack` Makefile `dev.build.surfsense.web`:
```
docker build … --build-arg NEXT_PUBLIC_LOGOUT_REDIRECT_URL="https://$SMB_NAME.$PLATFORM_DOMAIN" …
```
Same arg is in the Dockerfile (`ARG NEXT_PUBLIC_LOGOUT_REDIRECT_URL=` → baked at build time as `process.env.NEXT_PUBLIC_LOGOUT_REDIRECT_URL`).
Test plan
Follow-ups (separate PRs, same pattern)