I use the CAS module for SSO. Currently, when a logout is triggered, an AJAX request is made to ?q=autologout_ahah_logout. Normally this would be fine but since all of the module logout functions are called including the CAS module's, a redirect occurs to the CAS server to indicate the user has logged out. The problem is that for an AJAX call this is scene as a Cross-Domain request since the CAS server is unlikely to be located on the same domain as the Drupal site.
I am wondering if instead of using an AJAX call whether it might not work better to do a window.location redirect to ?q=autologout_ahah_logout.
In my case, this works perfectly okay. I could write up a patch for the code if you are interested in taking this approach.
Comment | File | Size | Author |
---|---|---|---|
#4 | autologout-FixAccessControlAllowOriginIssue-2223549-2.patch | 3.61 KB | wdouglascampbell |
Comments
Comment #1
johnennew CreditAttribution: johnennew commentedI can see this would be useful but I'd suggest as an option. The ajax method is pretty robust in most situations.
Comment #2
wdouglascampbell CreditAttribution: wdouglascampbell commentedOkay. That seems reasonable. Let me try and work something up and then I can post back a patch that adds this as a configurable alternative that an administrator can set.
Comment #3
wdouglascampbell CreditAttribution: wdouglascampbell commentedComment #4
wdouglascampbell CreditAttribution: wdouglascampbell commentedComment #5
wdouglascampbell CreditAttribution: wdouglascampbell commentedComment #6
wdouglascampbell CreditAttribution: wdouglascampbell commentedTake a look at the patch I have submitted against the HEAD. It allows the user to easily check a box in the admin settings to use an alternate non-AJAX method for the logout. When auto logout is trigger, the logout function checks to see if the variable tied to the checkbox is true. If it is, it will just do a page redirect, otherwise it will continue using the original AJAX service call method.
Comment #7
wdouglascampbell CreditAttribution: wdouglascampbell commentedAny comments? Can we get this patch included?
Comment #9
johnennew CreditAttribution: johnennew commentedLooks good. Pushed to 7.x-4.x:
http://drupalcode.org/project/autologout.git/commit/eea503d