
Commit 1d01d78

committed
logout: make logout code more similar to upstream nextcloud server
See https://github.com/nextcloud/server/blob/b085803c0bfe8c568e5710525e49d5f6378833b6/core/Controller/LoginController.php#L99 and following lines. Also note that setting `clearingExecutionContexts` is no longer required, because it had to do with the executionContexts feature which is no longer used by nextcloud since nextcloud/server#16310. Furthermore, with the behavior introduced in nextcloud/server#12573, setting `clearingExecutionContexts` breaks our logout redirects, because the middleware subsequently (after the logout redirect) returns another redirect to `/login?clear=1`.
1 parent a4866d4 commit 1d01d78


1 file changed

+7
-4
lines changed

1 file changed

+7
-4
lines changed

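--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -74,7 +74,7 @@ public function boot(IBootContext $context): void
 $altLoginPage = $this->config->getSystemValue('oidc_login_alt_login_page', false);
 
 // URL for login without redirecting forcefully, false if we are not doing that
-$noRedirLoginUrl = $useLoginRedirect ? $this->url->linkToRouteAbsolute('core.login.showLoginForm').'?noredir=1' : false;
+$noRedirLoginUrl = $useLoginRedirect ? $this->url->linkToRouteAbsolute('core.login.showLoginForm').'?noredir=1&clear=1' : false;
 
 // Get logged in user's session
 $userSession = $container->get(IUserSession::class);
@@ -93,17 +93,20 @@ public function boot(IBootContext $context): void
 /* Redirect to logout URL on completing logout
 If do not have logout URL, go to noredir on logout */
 if ($logoutUrl = $session->get('oidc_logout_url', $noRedirLoginUrl)) {
-$userSession->listen('\OC\User', 'postLogout', function () use ($logoutUrl, $session) {
+$userSession->listen('\OC\User', 'postLogout', function () use ($logoutUrl, $session, $request) {
 // Do nothing if this is a CORS request
 if ($this->getContainer()->get(ControllerMethodReflector::class)->hasAnnotation('CORS')) {
 return;
 }
 
 // Properly close the session and clear the browsers storage data before
 // redirecting to the logout url.
-$session->set('clearingExecutionContexts', '1');
 $session->close();
-header('Clear-Site-Data: "cache", "storage"');
+
+if ($request->getServerProtocol() === 'https') {
+// This feature is available only in secure contexts
+header('Clear-Site-Data: "cache", "storage"');
+}
 
 header('Location: '.$logoutUrl);
 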
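Review bot: The new `if ($request->getServerProtocol() === 'https')` guard in the postLogout closure silently drops `Clear-Site-Data` whenever the server believes the request is plain HTTP, which can also happen behind a TLS-terminating reverse proxy when `overwriteprotocol` or the trusted-proxy settings are not configured. In that case a logout that redirects to the session's `oidc_logout_url` clears neither cache nor storage, because the added `clear=1` only applies to the `$noRedirLoginUrl` fallback. Browsers ignore this header on insecure origins anyway, so either send it unconditionally or document the dependency, e.g. `// Relies on getServerProtocol() reflecting the client-facing scheme (overwriteprotocol / trusted proxies)`. `$request` is captured with `use` but is assigned outside this hunk, as is the rest of `boot()`, so confirm it is set before the listener is registered.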