commit 372545ca10082c7fa8d1da1aa2376453216ab61f
parent bf45794b22dc3afb823b36dcc9affe518a011840
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Tue, 23 Dec 2025 13:23:28 +0900
properly work around CORS limitations
Diffstat:
3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/pkg/taldir/oidc_validator.go b/pkg/taldir/oidc_validator.go
@@ -209,7 +209,7 @@ func makeOidcValidator(cfg *TaldirConfig, name string, landingPageTpl *template.
sec := cfg.Ini.Section("taldir-validator-" + name)
algos := strings.Split(sec.Key("jwt_algos").MustString("RS256"), ",")
algoCast := make([]jose.SignatureAlgorithm, 0)
- for _,a := range algos {
+ for _, a := range algos {
algoCast = append(algoCast, jose.SignatureAlgorithm(a))
}
return OidcValidator{
diff --git a/pkg/taldir/taldir.go b/pkg/taldir/taldir.go
@@ -610,8 +610,7 @@ func (t *Taldir) registerRequest(w http.ResponseWriter, r *http.Request) {
validation.ChallengeSent = true
if len(redirectionLink) > 0 {
// This is dangerous, of course, but our validators are trusted, right?
- http.Redirect(w, r, redirectionLink, http.StatusSeeOther)
- return
+ w.Header().Set("Location", redirectionLink)
}
w.WriteHeader(http.StatusAccepted)
}
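Review bot: `redirectionLink` is copied into the `Location` header unchecked, and the comment above it still only asks whether validators are trusted. The client script in `web/templates/lookup_result.html` now uses that header value as the `href` of a button the user clicks, so the scheme matters more than it did with `http.Redirect`. Parsing the value and allowing only the expected scheme would make the trust assumption explicit, for example `if u, err := url.Parse(redirectionLink); err == nil && u.Scheme == "https" { w.Header().Set("Location", redirectionLink) }`, adjusted to whatever schemes deployments actually need. This needs `net/url` imported, which cannot be confirmed from the hunk. `registerRequest` starts outside the hunk, so how a rejected link should be reported to the caller is left open.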
diff --git a/web/templates/lookup_result.html b/web/templates/lookup_result.html
@@ -50,10 +50,11 @@
<input id="addrInput" type="hidden" name="alias" value="{{.alias}}">
<div class="row">
<div class="col-lg-8 offset-lg-2 text-center">
- <div class="input-group mb-3">
+ <div id="address-input-group" class="input-group mb-3">
<input id="uriInput" name="target_uri" type="text" class="form-control" placeholder="{{ call .tr "paymentSystemAddressExample" }}" aria-label="Default" aria-describedby="inputGroup-sizing-default">
<input class="input-group-text btn btn-outline-primary" type="submit" value="{{ call .tr "linkIt" }}">
</div>
+ <a class="btn btn-outline-primary mb-3" id="login-button" hidden>Start OpenID validation</a>
</div>
</div>
</form>
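Review bot: The new `login-button` label "Start OpenID validation" is hard-coded, while the neighbouring controls take their text from `{{ call .tr "..." }}`, so it will not be translated. Something like `{{ call .tr "<NEW_TRANSLATION_KEY>" }}` (placeholder key) would keep it consistent. The hunk at `@@ -80,10 +81,11 @@` adds the same anchor and the same ids `address-input-group` and `login-button`. If both forms can be rendered in one page, the ids are duplicated and `document.getElementById` only reaches the first. The surrounding template conditionals are outside the hunk, so this needs confirming.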
@@ -80,10 +81,11 @@
<input id="uriInput" type="hidden" name="target_uri" value="">
<div class="row">
<div class="col-lg-8 offset-lg-2 text-center">
- <div class="input-group mb-3">
+ <div id="address-input-group" class="input-group mb-3">
<input disabled="disabled" type="text" class="form-control" aria-label="Default" aria-describedby="inputGroup-sizing-default" value="{{.result}}">
<input class="input-group-text btn btn-outline-danger" type="submit" value="{{ call .tr "deleteIt" }}">
</div>
+ <a class="btn btn-outline-primary mb-3" id="login-button" hidden>Start OpenID validation</a>
</div>
</div>
</form>
@@ -116,6 +118,12 @@
if (xhr.status == 202) {
sbanner.hidden = false;
ebanner.hidden = true;
+ var redirLoc = xhr.getResponseHeader("Location");
+ if (null != redirLoc) {
+ document.getElementById('address-input-group').hidden = true;
+ document.getElementById('login-button').hidden = false;
+ document.getElementById('login-button').href = redirLoc;
+ }
} else {
var jsonResponse = JSON.parse(xhr.responseText);
document.getElementById('ebanner-text').innerHTML = jsonResponse.hint;
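Review bot: `redirLoc` is assigned to the `href` of `login-button` without checking its scheme, so a `javascript:` or `data:` value in the `Location` header would be followed in this page's context when the user clicks the button. Parsing it and accepting only the expected protocol before the button is revealed closes that at the sink, for example `var u = new URL(redirLoc, window.location.href);` followed by `if (u.protocol === "https:") { … }` around the three `getElementById` lines. The button element could also be looked up once and reused instead of calling `getElementById('login-button')` twice. The enclosing XHR handler starts and ends outside the hunk.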