"Info" form cannot be submitted in some conditions in Firefox
Concerned version
Version: 2.0.7
Firefox only
Summary
- Enable Single sessions per user
- Open a session for dwho
In 2.0.7:
- Browse to http://auth.example.com/?skin=bootstrap
- Login as dwho
- The single session info form appears, but cannot be submitted
In current 2.0 branch:
- Browse to http://auth.example.com/
- Login as dwho
- The single session info form appears, but cannot be submitted
Explanation
For some reason (probably HTML spec), Firefox will not resubmit an HTTP request when the result of a FORM action is the same page as the original, and contains a fragment:

| Current URL | Form URL | Result |
|---|---|---|
| / | /?skin=bootstrap | page reload |
| /?skin=bootstrap | /?skin=bootstrap | page reload |
| /# | /?skin=bootstrap# | page reload |
| /?skin=bootstrap# | /?skin=bootstrap# | NO ACTION |

In 2.0.7 and before, this behavior would only appear when the user tries to login directly with skin=bootstrap already appended to the URL.
But because of dd9e849b, skin=bootstrap is not appended anymore by default (I think this is an issue as well btw) so this "stuck" behavior now happens very reliably, every time a user logs in through http://auth.example.com/
Using a different fix for #2081 (closed) is probably what we should do, but it won't take care of every possible issue.
Suggested fix
We could force the target URL of the form to be without a fragment. Something like this:
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
index facc6618f..a013e2ef5 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@@ -135,7 +135,7 @@ sub display {
AUTH_ERROR => $self->error,
AUTH_ERROR_TYPE => $req->error_type,
MSG => $info,
- URL => $req->{urldc},
+ URL => $req->{urldc} || $self->conf->{portal},
HIDDEN_INPUTS => $self->buildHiddenForm($req),
ACTIVE_TIMER => $req->data->{activeTimer},
CHOICE_PARAM => $self->conf->{authChoiceParam},
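Review bot: the fallback on the `URL =>` line only takes effect when `$req->{urldc}` is false, so a `urldc` that is set and itself ends in a fragment is passed to the template unchanged, and the form target is not guaranteed to be fragment-free as the description intends. Consider normalizing the final value (strip everything from `#` onward) after choosing between `urldc` and `$self->conf->{portal}`. Also note that `||` treats any false value, including an empty string or "0", as unset, and that `display` sets `URL` for every page it renders, not only the single session info form, so the comment or commit message should state that the portal URL is now the default target for all of them.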
would force the user to browse to the portal when no target URL is specified
Do you guys see any potential side effects to this?
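
The condition from the Explanation table, and a fragment-free form target as proposed under Suggested fix, written out as an added JavaScript example. It is not part of the original report or of LemonLDAP::NG; the function names are hypothetical, and the predicate models only the behaviour the report describes, using the report's own host and paths.

```javascript
// Added example: models the table in the report, not browser internals.
const BASE = "http://auth.example.com";

// True when the URL carries a fragment, including an empty one ("...#").
// URL.hash returns "" for an empty fragment, so check the serialized href.
function hasFragment(url) {
  return url.href.includes("#");
}

// Serialized absolute URL with any fragment (and the bare "#") removed.
function withoutFragment(input, base = BASE) {
  const url = new URL(input, base);
  url.hash = ""; // an empty hash clears the fragment entirely
  return url.href;
}

// Condition from the report: the form target is the same page as the
// current one and contains a fragment.
function wouldStall(current, action, base = BASE) {
  const here = new URL(current, base);
  const target = new URL(action, here);
  return hasFragment(target) &&
    withoutFragment(target.href) === withoutFragment(here.href);
}

// Form target to use instead: same page, no fragment.
function safeAction(current, action, base = BASE) {
  return withoutFragment(new URL(action, new URL(current, base)).href);
}

// The four rows of the report's table: [current URL, form URL].
const rows = [
  ["/", "/?skin=bootstrap"],
  ["/?skin=bootstrap", "/?skin=bootstrap"],
  ["/#", "/?skin=bootstrap#"],
  ["/?skin=bootstrap#", "/?skin=bootstrap#"],
];

function tableResults() {
  return rows.map(([current, action]) =>
    wouldStall(current, action) ? "NO ACTION" : "page reload");
}

console.log(tableResults());
```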