kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-20 13:05:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
06e4323faa846f2c10058e37ed9cc25955041f51
computer-playbook/roles/sys-front-inj-logout
History
Kevin Veen-Birkenbach c835ca8f2c refactor(front-injection): stabilize run_once flow and explicit web-service loading 
- sys-front-inj-all: load web-svc-cdn and web-svc-logout once; reinitialize inj_enabled after services; move run_once block to top; reorder injections.
- sys-front-inj-css: move run_once call into 01_core; fix app_style_present default; simplify main.
- sys-front-inj-desktop/js/matomo: deactivate per-role run_once blocks; keep utils/run_once where appropriate.
- sys-front-inj-logout: switch to files/logout.js + copy; update head_sub mtime lookup; mark set_fact tasks unchanged.
- sys-svc-cdn: inline former 01_core tasks into main; ensure shared/vendor dirs and set run_once in guarded block; remove 01_core.yml.

Rationale: prevent cascading 'false_condition: run_once_sys_svc_cdn is not defined' skips by setting run-once facts only after the necessary tasks and avoiding parent-scope guards; improves determinism and handler flushing.

Conversation: https://chatgpt.com/share/68ecfaa5-94a0-800f-b1b6-2b969074651f
2025-10-13 15:12:23 +02:00
..
files
meta
tasks
templates
vars
README.md

README.md

sys-front-inj-logout

This role injects a catcher that intercepts all logout elements in HTML pages served by Nginx and redirects them to a centralized logout endpoint via JavaScript.

Description

The sys-front-inj-logout Ansible role automatically embeds a lightweight JavaScript snippet into your web application's HTML responses. This script identifies logout links, buttons, forms, and other elements, overrides their target URLs, and ensures users are redirected to a central OIDC logout endpoint, providing a consistent single signout experience.

Overview

  • Detection: Scans the DOM for anchors (<a>), buttons, inputs, forms, use elements and any attributes indicating logout functionality.
  • Override: Rewrites logout URLs to point at your OIDC providers logout endpoint, including a redirect back to the application.
  • Dynamic content support: Uses a MutationObserver to handle AJAXloaded or dynamically injected logout elements.
  • CSP integration: Automatically appends the required script hash into your CSP policy via the roles CSP helper.

Features

  • Seamless injection via Nginx sub_filter on </head>.
  • Automatic detection of various logout mechanisms (links, buttons, forms).
  • Centralized logout redirection for a unified user experience.
  • No changes required in application code.
  • Compatible with SPAs and dynamically generated content.
  • CSPfriendly: manages script hash for you.

Further Resources