Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

setting location.hash = '' in FireFox can cause router race conditions #970

Closed
cgatian opened this issue Nov 5, 2020 · 2 comments · Fixed by #971
Closed

setting location.hash = '' in FireFox can cause router race conditions #970

cgatian opened this issue Nov 5, 2020 · 2 comments · Fixed by #971
Labels
bug For tagging faulty or unexpected behavior.

Comments

@cgatian
Copy link
Contributor

cgatian commented Nov 5, 2020
edited
Loading

Describe the bug
The Angular Router can get into a infinite loop in Firefox when Router.navigateByUrl is invoked and the token from the IdP contains an error.
I believe others are not seeing this issue in the masses because it requires the IdP redirection location to first land on an "confirmation page", this page then redirects the app to the proper application route, based on success or failure. When failure occurs the window.location contains a hash in the URL. Which causes the Angular router to invoke popstate immediately after the navigateByUrl routing has completed.

What is Occurring:

  1. Angular Application bootstraps and tryLogin is invoked on app.component
  2. Token is parsed by oauth2 lib, and it contains an error handleLoginError is invoked
  3. Within this method an attempt is made to clear location.hash if configured and set location.hash = '' (code)
  4. In Firefox only! location.hash = '' will actually add hash to the URL!
    location-hash
  5. Error bubbles out from oauth2 lib and app.component calls Router.navigateByUrl
  6. Routing successful
  7. popstate occurs in Angular router redirecting the app back to app.component
  8. tryLogin is again attempted by app.component; process repeats (GOTO step 2)

Expected behavior
No infinite routing loops 😄

Additional context
Firefox adds a hash to the URL if you attempt to clear it with an empty string. This can be fixed by first checking if location.hash contains a hash before trying to clear it with an empty string.

I believe fixing this would address other issues that have workarounds:
#493
#408

This issue also describes the problems using location.hash and Angular Router
#622
cgatian pushed a commit to cgatian/angular-oauth2-oidc that referenced this issue Nov 5, 2020
fix: clear location.hash only if it is present
c2b2753 
address issues with firefox and Angular router

Closes manfredsteyer#970
@cgatian cgatian mentioned this issue Nov 5, 2020
Merged
@jeroenheijmans jeroenheijmans added the bug For tagging faulty or unexpected behavior. label Nov 10, 2020
@rinella
Copy link

rinella commented Jan 20, 2021

I was running into continuous redirection / race conditions in firefox and I found that setting the configuration to clearHashAfterLogin = false solved the problem. the hash removal was causing it to redirect back to login. /login#token -> /home -> /login

I also use an intermediary page (/login) to receive the token and then route accordingly. I use this strategy because I have auth guards.

hope this helps someone.

@cgatian
Copy link
Contributor Author

cgatian commented Feb 11, 2021

@rinella thats also what I am doing (as a workaround). There's issues with Angular apps that use hashed based routing. I wish the PR would just be merged :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug For tagging faulty or unexpected behavior.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: clear location.hash only if it is present cgatian/angular-oauth2-oidc
3 participants
@jeroenheijmans @cgatian @rinella