-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wrong intent is stored by Laravel because it ignores the proxies that are not direct clients and there is no fix. #83
Comments
Looks like the intent is implicitly overwritten by Laravel calling the guest method internally but with the wrong url because it ignores the Proxy rewrites of downstream proxies. So the intent is practically not usable. An Opt-out from using this intent would be necessary here. |
To get the intent right you have to set trusted proxy and headers. The necessary header 'HEADER_X_FORWARDED_PREFIX' is missing from Laravels internal getTrustedHeaderNames(), so it silently discards this header from trusted ones and it will not work. You have to overwrite the method and add the header like below to get the bug fixed.
|
Here https://github.com/mariovalney/laravel-keycloak-web-guard/blob/master/src/Middleware/KeycloakAuthenticated.php#L17 the redirection is done with the redirect method which does not preserve the intent. For preserving the intent the special redirect()->guest($target) method exists in laravel.In my case the app always redirects to some
"old"stored intent, which redirects the user to / while the whole app is located under /dashboardSee also accepted answer here:https://stackoverflow.com/questions/51882925/laravel-redirect-intended-is-not-working-in-custom-login-controller
The text was updated successfully, but these errors were encountered: