kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-09 19:57:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ce3fe1cd510e066e03c131cc826fc25afa986a04
computer-playbook/roles/sys-front-inj-logout/README.md
Kevin Veen-Birkenbach 231fd567b3 feat(frontend): rename inj roles to sys-front-*, add sys-svc-cdn, cache-busting lookup 
Introduce sys-svc-cdn (cdn_paths/cdn_urls/cdn_dirs) and ensure CDN directories + latest symlink.

Rename sys-srv-web-inj-* → sys-front-inj-*; update includes/templates; serve shared/per-app CSS & JS via CDN.

Add lookup_plugins/local_mtime_qs.py for mtime-based cache busting; split CSS into default.css/bootstrap.css + optional per-app style.css.

CSP: use style-src-elem; drop unsafe-inline for styles. Services: fix SYS_SERVICE_ALL_ENABLED bool and controlled flush.

BREAKING CHANGE: role names changed; replace includes and references accordingly.

Conversation: https://chatgpt.com/share/68b55494-9ec4-800f-b559-44707029141d
2025-09-01 10:10:23 +02:00

30 lines
1.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# sys-front-inj-logout
This role injects a catcher that intercepts all logout elements in HTML pages served by Nginx and redirects them to a centralized logout endpoint via JavaScript.
## Description
The `sys-front-inj-logout` Ansible role automatically embeds a lightweight JavaScript snippet into your web application's HTML responses. This script identifies logout links, buttons, forms, and other elements, overrides their target URLs, and ensures users are redirected to a central OIDC logout endpoint, providing a consistent single signout experience.
## Overview
- **Detection**: Scans the DOM for anchors (`<a>`), buttons, inputs, forms, `use` elements and any attributes indicating logout functionality.
- **Override**: Rewrites logout URLs to point at your OIDC providers logout endpoint, including a redirect back to the application.
- **Dynamic content support**: Uses a `MutationObserver` to handle AJAXloaded or dynamically injected logout elements.
- **CSP integration**: Automatically appends the required script hash into your CSP policy via the roles CSP helper.
## Features
- Seamless injection via Nginx `sub_filter` on `</head>`.
- Automatic detection of various logout mechanisms (links, buttons, forms).
- Centralized logout redirection for a unified user experience.
- No changes required in application code.
- Compatible with SPAs and dynamically generated content.
- CSPfriendly: manages script hash for you.
## Further Resources
- [OpenID Connect RP-Initiated Logout](https://openid.net/specs/openid-connect-session-1_0.html#RPLogout)
- [Nginx `sub_filter` Module](http://nginx.org/en/docs/http/ngx_http_sub_module.html)
- [Ansible Role Directory Structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_roles.html#role-directory-structure)
Reference in New Issue View Git Blame Copy Permalink