Comments (9)
Well I build apps often that go from subdomain and connect to the main domain. So I need to get a good grasp of overriding cors.
session.storage.options:
...
cookie_domain: '.app.example.web'
cors.config:
enabled: true
# Specify allowed headers, like 'x-allowed-header'.
allowedHeaders: ['*']
# Specify allowed request methods, specify ['*'] to allow all possible ones.
allowedMethods: ['*']
# Configure requests allowed from specific origins.
allowedOrigins: ['http://app.example.web', 'http://localhost:9000']
# Sets the Access-Control-Expose-Headers header.
exposedHeaders: false
# Sets the Access-Control-Max-Age header.
maxAge: false
# Sets the Access-Control-Allow-Credentials header.
supportsCredentials: true
Then make sure your page doesn't redirect after login or logout and or redirect after any of your requests in general... and everything seems to work.
from angular-drupal.
@webdobe Please provide more context from your Network and/or Console tabs to show the request/response in more detail. We're looking for headers/payloads/status-codes/responses/etc.
from angular-drupal.
When calling jdrupal.userLogout(); I get a status code: 0 and no statusText. It doesn't look like jdrupal uses the logout_token (that is returned during the login request), does that matter with the introduction in 8.2.x? All other requests are working normally at the moment.
from angular-drupal.
@webdobe This is how logout is working for me in jDrupal 8:
GET: http://example.com/user/logout
Status Code: 302 Found
There are no tokens needed in the header AFAIK (since it is a GET call). Now that I am revisiting this, I see the logout functionality is pretty cheap in jDrupal, since all it is doing is make a call to /user/logout on the Drupal website, it's not utilizing REST in any way. It is working properly for me, it's just kind of cheap how I implemented it. This is for Drupal 8.2 for me as well, it seems to be working fine.
The 302 would explain the redirect to the front page that you have noticed, but my actually web app doesn't redirect, it safely logs out.
I do now see the logout_token
you mentioned being returned in the login response, but at this point I'm unsure of how/when to use it.
from angular-drupal.
If your getting 302 how does it pass the validation in logout? The code says 200 and 303. Doesn't seem to fix my issue but... Just curious.
from angular-drupal.
If your getting 302 how does it pass the validation in logout?
@webdobe I think because it is running through an XHR, and just the simple action of visiting the user/logout
like you would normally in a browser (but it's happening via XHR and GET) fires the user logout event in Drupal, clears the sessions/cookies/etc, and then when the redirect happens, the end user doesn't actually see it because it's running through the XHR.
All in all, it sounds like we need to figure out a proper call to the user logout rest resource in D8.
And you're right, it's odd that the code is only allowing for 200 and 303: https://github.com/easystreet3/jDrupal/blob/8.x-1.x/src/includes/rest.inc.js#L127 - I can't remember why I added the 303 there, but maybe we can add the 302 there, does that work for you? Thoughts?
from angular-drupal.
I am still debugging.. I am still only getting a status code of 0 which doesn't help with anything... I am looking into this: http://stackoverflow.com/questions/16386148/why-browser-do-not-follow-redirects-using-xmlhttprequest-and-cors/20854800#20854800 which is just another CORS issue so probably nothing really wrong with this.
from angular-drupal.
So that is what it was... With my dev setup where I am sharing creds on different domains ie localhost and example.com. I think it may be the same for xxx.example.com and example.com. I believe browsers follow that 3xx request... Which was following to the home page which kicked a 403 forbidden..... Not sure why. I removed the sites Default front page... and the logout worked... So something with CORS and redirect... makes things no so fun.
I ran into a similar thing with d7 and the triggers module. When a trigger was setup to redirect after login.
I found this:
Investigation of the problem showed that his XHR was not landing on the CORS-enabled URL directly, but was being redirected to it through an HTTP 302 (redirect) response.
So bear in mind that the redirecting URL must also include an Access-Control-Allow-Origin header, else the browser will stop right there with its attempted cross-domain request.
I wonder if this is a bug in drupal core.
from angular-drupal.
from angular-drupal.
Related Issues (20)
- Merge with jDrupal? HOT 5
- user/login.json 404 (Not Found) with drupal.user_login HOT 8
- Rebuild angular-drupal.min.js
- Update README examples
- Create dev branch HOT 2
- 403 Forbidden on saving a user (PATCH) HOT 7
- CSRF token issue for Safari/ios HOT 1
- Anonymous user is always returned after logging in. HOT 9
- bower.js needs to know where the src file is HOT 2
- Cookie domain HOT 3
- Login issue with different token and sessid HOT 7
- How to get success message HOT 6
- How to create node with entity field HOT 15
- Loading other entities HOT 3
- How to upload images to image field? 7.x HOT 5
- Login response is correct, but printing out the user id still shows anonymous HOT 3
- 403 PUT/PATCH on user register/update on a multilingual site HOT 6
- drupal node_save created time HOT 3
- ios incompatibilities HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from angular-drupal.