From eeefec2fac92bd43c971cc12c406648cbf2a995c Mon Sep 17 00:00:00 2001 From: Silver Bullet Date: Mon, 6 Jan 2020 13:39:51 +0800 Subject: [PATCH] Update references to remove hash router * Update references to remove hash router In commit 9ae2096, the redirection parameter is changed in the example `nginx.conf`, and also in other places like `internal/middlewares/identity_verification.go`: ``` - link := fmt.Sprintf("%s://%s/#%s?token=%s", ctx.XForwardedProto(), + link := fmt.Sprintf("%s://%s%s?token=%s", ctx.XForwardedProto(), ``` --- BREAKING.md | 6 +++--- docs/proxies/nginx.md | 5 ++--- example/kube/README.md | 2 +- example/kube/apps/apps.yml | 2 +- 4 files changed, 7 insertions(+), 8 deletions(-) diff --git a/BREAKING.md b/BREAKING.md index 630e3a9d..daf0c7d6 100644 --- a/BREAKING.md +++ b/BREAKING.md @@ -21,8 +21,8 @@ fortunately migration tools are provided to ease the task. * The configuration mostly remained the same, only one major key has been added: `jwt_secret` and one key removed: `secure` from the SMTP notifier as the Go SMTP library default to TLS if available. -* The Hash router has been replaced by a Browser router. This means that the weird characters -/%23/ in the URL could now be safely removed. +* The Hash router has been removed and replaced with a Browser router. This means that the weird characters +/%23/ and /#/ in the redirection URL can now be safely removed. * The local storage used for dev purpose was a `nedb` database which was implementing the same interface as mongo but was not really standard. It has been replaced by a good old sqlite3 database. @@ -91,4 +91,4 @@ For user-based rules, use `subject: 'user:myuser'` where `myuser` is the user yo Please note that in the new system, the first matching rule applies and the next ones are not taken into account. If no rule apply, the default policy still applies and if no default policy is provided, the `deny` -policy applies. \ No newline at end of file +policy applies. diff --git a/docs/proxies/nginx.md b/docs/proxies/nginx.md index cfc932fa..7d1df9e7 100644 --- a/docs/proxies/nginx.md +++ b/docs/proxies/nginx.md @@ -43,8 +43,7 @@ Here is a commented example of configuration # If Authelia returns 401, then nginx redirects the user to the login portal. # If it returns 200, then the request pass through to the backend. # For other type of errors, nginx will handle them as usual. - # NOTE: do not forget to include /#/ representing the hash router of the web application. - error_page 401 =302 https://login.example.com:8080/#/?rd=$target_url; + error_page 401 =302 https://login.example.com:8080/?rd=$target_url; proxy_pass $upstream_endpoint; } @@ -80,4 +79,4 @@ Here is a commented example of configuration } -[nginx]: https://www.nginx.com/ \ No newline at end of file +[nginx]: https://www.nginx.com/ diff --git a/example/kube/README.md b/example/kube/README.md index 4963764f..e0352e3a 100644 --- a/example/kube/README.md +++ b/example/kube/README.md @@ -37,7 +37,7 @@ Authelia's verification endpoint. The ingress controller also requires the URL to the authentication portal so that the user can be redirected if he is not yet authenticated. This annotation is as follows: -`nginx.ingress.kubernetes.io/auth-signin: "https://login.example.com:8080/#/"` +`nginx.ingress.kubernetes.io/auth-signin: "https://login.example.com:8080/"` Those annotations can be seen in `apps/apps.yml` configuration. diff --git a/example/kube/apps/apps.yml b/example/kube/apps/apps.yml index 9f143333..2d1ceae7 100644 --- a/example/kube/apps/apps.yml +++ b/example/kube/apps/apps.yml @@ -75,7 +75,7 @@ metadata: kubernetes.io/ingress.allow-http: "false" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/auth-url: "http://authelia-service.authelia.svc.cluster.local/api/verify" - nginx.ingress.kubernetes.io/auth-signin: "https://login.example.com:8080/#/" + nginx.ingress.kubernetes.io/auth-signin: "https://login.example.com:8080/" spec: tls: - secretName: test-app-tls