mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-09-09 19:57:16 +02:00
Kevin Veen-Birkenbach
6fa4d00547
- Move run_once include from main.yml to 01_core.yml in desk-gnome-caffeine and desk-ssh - Introduce sys-svc-cdn/01_core.yml to handle shared/vendor dirs once and role dirs per run - Replace cdn.* with cdn_paths_all.* across inj roles - Split cdn_dirs into cdn_dirs_role and CDN_DIRS_GLOBAL - Ensure cdn_urls uses cdn_paths_all Details: https://chatgpt.com/share/68b58d64-1e28-800f-8907-36926a9e9a9b
sys-front-inj-logout
This role injects a catcher that intercepts all logout elements in HTML pages served by Nginx and redirects them to a centralized logout endpoint via JavaScript.
Description
The sys-front-inj-logout Ansible role automatically embeds a lightweight JavaScript snippet into your web application's HTML responses. This script identifies logout links, buttons, forms, and other elements, overrides their target URLs, and ensures users are redirected to a central OIDC logout endpoint, providing a consistent single sign‑out experience.
Overview
- Detection: Scans the DOM for anchors (
<a>), buttons, inputs, forms,useelements and any attributes indicating logout functionality. - Override: Rewrites logout URLs to point at your OIDC provider’s logout endpoint, including a redirect back to the application.
- Dynamic content support: Uses a
MutationObserverto handle AJAX‑loaded or dynamically injected logout elements. - CSP integration: Automatically appends the required script hash into your CSP policy via the role’s CSP helper.
Features
- Seamless injection via Nginx
sub_filteron</head>. - Automatic detection of various logout mechanisms (links, buttons, forms).
- Centralized logout redirection for a unified user experience.
- No changes required in application code.
- Compatible with SPAs and dynamically generated content.
- CSP‑friendly: manages script hash for you.