nginxinc/nginx-openid-connect

rewrite of location string causes 404 on id_token and access_token refresh

r300mrg opened this issue · 0 comments

If the Nginx config has a location block whose URI is changed via rewrite, then when the id_token and access_token time out and refresh, the rewritten URL is not found and a 404 page is experienced, with logs indicating that the URL and file were not found.

e.g.

location /my-site/contact {
    # Strip the /my-site prefix: /my-site/contact -> /contact
    rewrite ^/my-site(/.*)$ $1 break;
}

So the link becomes /contact

I’ve traced this issue I experienced to the function retryOriginalRequest in the openid_connect.js file and this function is using the uri variable.

If I update uri to request_uri I don’t have any 404 errors and the logs don’t show the URL or file was not found.

e.g.

function retryOriginalRequest(r) {
    delete r.headersOut["WWW-Authenticate"]; // Remove evidence of original failed auth_jwt
    //r.internalRedirect(r.variables.uri + r.variables.is_args + (r.variables.args || '')); // Original
    // $request_uri is the original request URI and already includes the query string,
    // so $is_args and $args are not appended to it.
    r.internalRedirect(r.variables.request_uri); // Allows rewrite URLs
}

Please review if this change is suitable for a wider audience and make the repo changes if relevant.

Thanks
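
Added example (not part of the original issue or the project's code): a small JavaScript model of why a redirect target built from `$uri` no longer matches the original location after the rewrite while `$request_uri` still does, and of the repeated query string that results if `$is_args` and `$args` are appended to `$request_uri`. The helper names, the `lang=en` query string and the simplified prefix match are assumptions; nginx's normalization and decoding of `$uri` are not modelled.

```javascript
// Constructed model of the nginx variables involved. Only uri, request_uri,
// is_args and args are real nginx variable names; the helpers are hypothetical.
function makeVars(requestLineUri) {
    const q = requestLineUri.indexOf('?');
    const path = q === -1 ? requestLineUri : requestLineUri.slice(0, q);
    const args = q === -1 ? '' : requestLineUri.slice(q + 1);
    return {
        request_uri: requestLineUri, // original URI, query string included
        uri: path,                   // current URI (normalization not modelled)
        is_args: args ? '?' : '',
        args: args
    };
}

// Models `rewrite <regex> <replacement> break;`: only $uri changes.
function applyRewrite(vars, regex, replacement) {
    return Object.assign({}, vars, { uri: vars.uri.replace(regex, replacement) });
}

// Redirect target built from the current (possibly rewritten) $uri.
function targetFromUri(v) {
    return v.uri + v.is_args + (v.args || '');
}

// Redirect target built from $request_uri alone.
function targetFromRequestUri(v) {
    return v.request_uri;
}

// Caveat: $request_uri already carries the query string, so appending
// $is_args and $args repeats it.
function targetFromRequestUriPlusArgs(v) {
    return v.request_uri + v.is_args + (v.args || '');
}

// Simplified prefix-location check on the path part of a redirect target.
function matchesPrefixLocation(target, prefix) {
    return target.split('?')[0].startsWith(prefix);
}

const LOCATION = '/my-site/contact';
const before = makeVars('/my-site/contact?lang=en'); // constructed request
const after = applyRewrite(before, /^\/my-site(\/.*)$/, '$1');

console.log(targetFromUri(after), matchesPrefixLocation(targetFromUri(after), LOCATION));
console.log(targetFromRequestUri(after), matchesPrefixLocation(targetFromRequestUri(after), LOCATION));
console.log(targetFromRequestUriPlusArgs(after));
```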