Fix #36445: make auth-success page work independently of scheme

LEDfan · LEDfan · commit 52c62ab6fe45 · 2026-03-03T15:42:03.000+01:00
diff --git a/src/main/java/eu/openanalytics/containerproxy/ui/AuthController.java b/src/main/java/eu/openanalytics/containerproxy/ui/AuthController.java
@@ -84,14 +84,15 @@ public Object getLoginPage(@RequestParam Optional<String> error, ModelMap map) {
     @RequestMapping(value = AUTH_SUCCESS_URL, method = RequestMethod.GET)
     public String authSuccess(ModelMap map, HttpServletRequest request) {
         prepareMap(map);
-        map.put("url", ServletUriComponentsBuilder.fromCurrentContextPath().path("/").build().toUriString()); // default url
+        // protocol is added to the url on the client-side
+        map.put("url", ServletUriComponentsBuilder.fromCurrentContextPath().path("/").build().toUriString().replace("https://", "//").replace("http://", "//")); // default url
 
         Object redirectUrl = request.getSession().getAttribute(AUTH_SUCCESS_URL_SESSION_ATTR);
         if (redirectUrl instanceof String sRedirectUrl) {
             request.getSession().removeAttribute(AUTH_SUCCESS_URL_SESSION_ATTR);
             // sanity check: does the redirect url start with the url of this current request
             if (sRedirectUrl.startsWith(ServletUriComponentsBuilder.fromCurrentContextPath().build().toUriString())) {
-                map.put("url", redirectUrl);
+                map.put("url", sRedirectUrl.replace("https://", "//").replace("http://", "//"));
             }
         }
         return "auth-success";
diff --git a/src/main/resources/templates/auth-success.html b/src/main/resources/templates/auth-success.html
@@ -30,8 +30,9 @@
         <script th:inline="javascript" type="text/javascript">
             history.forward();
             history.pushState({}, "", new URL(location));
-            history.pushState({}, "", new URL([[${url}]]));
-            window.location.href = [[${url}]];
+            const fullUrl = location.protocol + [[${url}]];
+            history.pushState({}, "", new URL(fullUrl));
+            window.location.href = fullUrl;
         </script>
         <script>
             console.log("This page should redirect you to the main ShinyProxy page after authentication.");
