
[CDTOOL-1090] fix(sso): Ensure that OPTIONS requests sent by browsers do not break SSO authentication #1496


Merged
merged 4 commits into from
Jun 24, 2025


kpfleming
Contributor

Browsers may send 'preflight' OPTIONS requests before sending the GET request which contains the authentication result; the internal webserver will now accept this request, respond to it appropriately, and continue waiting for the GET request.

The webserver will also explicitly reject any requests that are not directed at the proper path, or are any method other than GET or OPTIONS.

All Submissions:

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?

New Feature Submissions:

  • Does your submission pass tests?

Changes to Core Features:

  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your core changes, as applicable?
  • Have you successfully run tests with your changes locally?

User Impact

  • What is the user impact of this change?

Are there any considerations that need to be addressed for release?

…SSO authentication.

Browsers may send 'preflight' OPTIONS requests before sending the GET
request which contains the authentication result; the internal
webserver will now accept this request, respond to it appropriately,
and continue waiting for the GET request.

The webserver will also explicitly reject any requests that are not
directed at the proper path, or are any method other than GET or
OPTIONS.
@kpfleming kpfleming requested review from Integralist and kailan June 13, 2025 18:44
@kpfleming kpfleming requested a review from a team as a code owner June 13, 2025 18:44
@kpfleming kpfleming changed the title fix(sso): Ensure that OPTIONS requests sent by browsers do not break SSO authentication. [CDTOOL-1090]fix(sso): Ensure that OPTIONS requests sent by browsers do not break SSO authentication Jun 13, 2025
@kpfleming kpfleming changed the title [CDTOOL-1090]fix(sso): Ensure that OPTIONS requests sent by browsers do not break SSO authentication [CDTOOL-1090] fix(sso): Ensure that OPTIONS requests sent by browsers do not break SSO authentication Jun 13, 2025
Member

@kailan kailan left a comment


This is great, thank you. I am unable to reproduce the issue recently but this seems to be the correct fix.

@kpfleming kpfleming merged commit 74ae768 into fastly:main Jun 24, 2025
8 checks passed
@kpfleming kpfleming deleted the cdtool-1090 branch June 24, 2025 14:11
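
The behaviour this pull request describes, sketched as an added example (not code from the pull request or from the Fastly CLI): a one-shot local callback handler that answers a preflight OPTIONS without ending the wait, rejects any other path or method, and passes only the GET result on. The `/callback` path, the `code` query parameter, the status codes and the `Allow` header are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

const callbackPath = "/callback" // assumed path, not taken from the project

// callbackHandler serves the local SSO callback. A preflight OPTIONS is answered
// without ending the wait; only a GET on callbackPath delivers a result.
func callbackHandler(results chan<- string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != callbackPath {
			http.NotFound(w, r) // wrong path: reject
			return
		}
		switch r.Method {
		case http.MethodOptions: // preflight: say what is allowed, keep waiting
			w.Header().Set("Allow", "GET, OPTIONS")
			w.WriteHeader(http.StatusNoContent)
		case http.MethodGet:
			select {
			case results <- r.URL.Query().Get("code"): // assumed parameter; first result wins
				fmt.Fprintln(w, "Authentication complete.")
			default: // a result was already delivered; never block the handler
				http.Error(w, "result already received", http.StatusConflict)
			}
		default: // any other method: reject
			w.Header().Set("Allow", "GET, OPTIONS")
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		}
	})
}

// probe sends one constructed request to h and returns the response status.
func probe(h http.Handler, method, target string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, target, nil))
	return rec.Code
}

func main() {
	results := make(chan string, 1)
	h := callbackHandler(results)
	fmt.Println(probe(h, "OPTIONS", callbackPath), probe(h, "POST", callbackPath), probe(h, "GET", callbackPath+"?code=constructed"))
	fmt.Println("result:", <-results)
}
```

The caller reads from `results` to end the wait, so an OPTIONS, a wrong path or a wrong method can never complete authentication on its own.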