[FEAT]: black list api endpoints #53

kirkegaard · 2023-06-08T08:28:24Z

Clear and concise description of the problem

We're seeing a lot of double requests on ios lately. Its like the service worker will do a prior request before the "real" request. This invalidates our oauth token which then results in a failed login.

Is there anyway of "black listing" /api/ and telling the sw never to call anything in that space?

{ip} - - [07/Jun/2023:06:38:34 +0200] "GET /api/broker/callback?code={long hash}-1&scope=openid%20mitid&state=login&iss=https%3A%2F%2F{oauth provider}.dk%2Fop HTTP/2.0" 302 0 "https://www.{domain}.dk/sw.js" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1" "-" [RequestTime: 0.047 - UpstreamTime: 0.048]
{ip} - - [07/Jun/2023:06:38:34 +0200] "GET /api/broker/callback?code={long hash}-1&scope=openid%20mitid&state=login&iss=https%3A%2F%2F{oauth provider}.dk%2Fop HTTP/2.0" 499 0 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1" "-" [RequestTime: 0.116 - UpstreamTime: -]

Alternative

No response

Additional context

No response

Validations

Follow our Code of Conduct
Read the Contributing Guide.
Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

The text was updated successfully, but these errors were encountered:

kirkegaard added the enhancement New feature or request label Jun 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[FEAT]: black list api endpoints #53

[FEAT]: black list api endpoints #53

kirkegaard commented Jun 8, 2023

[FEAT]: black list api endpoints #53

[FEAT]: black list api endpoints #53

Comments

kirkegaard commented Jun 8, 2023

Clear and concise description of the problem

Suggested solution

Alternative

Additional context

Validations