oidc: remove authcallback.html from history

this way at least the token goes away from history. part of #844
Girish Ramakrishnan
2025-07-10 14:01:45 +02:00
parent 01b1f7529e
commit 337c5412b7


@@ -1,17 +1,18 @@
<script>
var tmp = window.location.hash.slice(1).split('&');
const tmp = window.location.hash.slice(1).split('&');
// FIXME: implicit flow (response_type=code token) results in access_token query param. this is not secure
tmp.forEach(function (pair) {
if (pair.indexOf('access_token=') === 0) localStorage.token = pair.split('=')[1];
});
var redirectTo = '/';
const redirectTo = '/';
if (localStorage.getItem('redirectToHash')) {
redirectTo += localStorage.getItem('redirectToHash');
localStorage.removeItem('redirectToHash');
}
window.location.href = redirectTo;
window.location.replace(redirectTo); // this removes us from history
</script>
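Review bot: `const redirectTo = '/';` is reassigned two lines later by `redirectTo += localStorage.getItem('redirectToHash');`, which throws a TypeError whenever `redirectToHash` is set (assuming the `const` line is the new side of the `var`/`const` pair shown). The script then stops before `window.location.replace(redirectTo)`, so the user stays on the callback page with the access token still in the URL fragment and in history, which is the case this commit is meant to close. Declare it as `let redirectTo = '/';` and keep `const` only for `tmp`. Separately, the value from `pair.split('=')[1]` is stored without `decodeURIComponent`, and the token kept in `localStorage` remains readable by any script running on the origin, so the FIXME about the implicit flow still stands after this change.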