kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-09 18:28:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
computer-playbook/roles/sys-front-inj-logout
History
Kevin Veen-Birkenbach 97af4990aa refactor(webserver): rename roles and update references 
- Rename sys-svc-webserver -> sys-svc-webserver-core
- Rename sys-stk-front-pure -> sys-svc-webserver-https
- Update includes, run_once flags, and docs across:
  * sys-ctl-mtn-cert-renew
  * sys-front-inj-*
  * sys-stk-front-proxy
  * sys-svc-certs
  * sys-svc-cln-domains
  * web-opt-rdr-*
  * web-svc-*
- Remove redundant webserver include in web-opt-rdr-www
- Fix documentation links

Ref: ChatGPT conversation https://chatgpt.com/share/68d6cea2-3570-800f-acb3-c3277317f17b
2025-09-26 19:34:42 +02:00
..
meta
feat(frontend): rename inj roles to sys-front-*, add sys-svc-cdn, cache-busting lookup
2025-09-01 10:10:23 +02:00
tasks
refactor(webserver): rename roles and update references
2025-09-26 19:34:42 +02:00
templates
feat(frontend): rename inj roles to sys-front-*, add sys-svc-cdn, cache-busting lookup
2025-09-01 10:10:23 +02:00
vars
Refactor CDN and run_once handling
2025-09-01 14:11:36 +02:00
README.md
feat(frontend): rename inj roles to sys-front-*, add sys-svc-cdn, cache-busting lookup
2025-09-01 10:10:23 +02:00

README.md

sys-front-inj-logout

This role injects a catcher that intercepts all logout elements in HTML pages served by Nginx and redirects them to a centralized logout endpoint via JavaScript.

Description

The sys-front-inj-logout Ansible role automatically embeds a lightweight JavaScript snippet into your web application's HTML responses. This script identifies logout links, buttons, forms, and other elements, overrides their target URLs, and ensures users are redirected to a central OIDC logout endpoint, providing a consistent single signout experience.

Overview

  • Detection: Scans the DOM for anchors (<a>), buttons, inputs, forms, use elements and any attributes indicating logout functionality.
  • Override: Rewrites logout URLs to point at your OIDC providers logout endpoint, including a redirect back to the application.
  • Dynamic content support: Uses a MutationObserver to handle AJAXloaded or dynamically injected logout elements.
  • CSP integration: Automatically appends the required script hash into your CSP policy via the roles CSP helper.

Features

  • Seamless injection via Nginx sub_filter on </head>.
  • Automatic detection of various logout mechanisms (links, buttons, forms).
  • Centralized logout redirection for a unified user experience.
  • No changes required in application code.
  • Compatible with SPAs and dynamically generated content.
  • CSPfriendly: manages script hash for you.

Further Resources