-
Notifications
You must be signed in to change notification settings - Fork 218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] Remove ForceHttpsRedirectUris #223
Comments
MicrosoftIdentityOptions.RedirectUri seems like it's trying to address the same problem and should also be removed. microsoft-identity-web/src/Microsoft.Identity.Web/MicrosoftIdentityOptions.cs Lines 31 to 42 in 0e68799
Oh, and MicrosoftIdentityOptions.PostLogoutRedirectUri microsoft-identity-web/src/Microsoft.Identity.Web/MicrosoftIdentityOptions.cs Lines 44 to 53 in 57184a3
|
Included in 0.2.0-preview release |
https://github.com/AzureAD/microsoft-identity-web/pull/202/files#diff-f39916663b976a444b0a47747df21822R62 Added ForceHttpsRedirectUris to work around scenarios where the app is behind a reverse proxy. This is an incomplete workaround for the scenario and should be removed. E.g. other components that depend on the request scheme still do not get the correct value like cookies.
The AspNetCore guidance for working with proxies is here:
https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-3.1
The container scenario should have been addressed by default in .NET Core 3.0.
https://devblogs.microsoft.com/aspnet/forwarded-headers-middleware-updates-in-net-core-3-0-preview-6/
The text was updated successfully, but these errors were encountered: