rm /login handling on the middleware
@@ -49,25 +49,25 @@ export async function middleware(request: NextRequest) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Check if the request is for the /login route that handles the auth request for OIDC none prompt
|
// Check if the request is for the /login route that handles the auth request for OIDC none prompt
|
||||||
let isLoginRouteMatched = request.nextUrl.pathname.startsWith("/login/");
|
// let isLoginRouteMatched = request.nextUrl.pathname.startsWith("/login/");
|
||||||
|
|
||||||
let securitySettings;
|
// let securitySettings;
|
||||||
if (isLoginRouteMatched) {
|
// if (isLoginRouteMatched) {
|
||||||
securitySettings = await loadSecuritySettings(request);
|
// securitySettings = await loadSecuritySettings(request);
|
||||||
|
|
||||||
if (securitySettings?.embeddedIframe?.enabled) {
|
// if (securitySettings?.embeddedIframe?.enabled) {
|
||||||
const response = NextResponse.next({
|
// const response = NextResponse.next({
|
||||||
request: { headers: requestHeaders },
|
// request: { headers: requestHeaders },
|
||||||
});
|
// });
|
||||||
|
|
||||||
response.headers.set(
|
// response.headers.set(
|
||||||
"Content-Security-Policy",
|
// "Content-Security-Policy",
|
||||||
`${DEFAULT_CSP} frame-ancestors ${securitySettings.embeddedIframe.allowedOrigins.join(" ")};`,
|
// `${DEFAULT_CSP} frame-ancestors ${securitySettings.embeddedIframe.allowedOrigins.join(" ")};`,
|
||||||
);
|
// );
|
||||||
response.headers.delete("X-Frame-Options");
|
// response.headers.delete("X-Frame-Options");
|
||||||
return response;
|
// return response;
|
||||||
}
|
// }
|
||||||
}
|
// }
|
||||||
|
|
||||||
// Only run the rest of the logic for the original matcher paths
|
// Only run the rest of the logic for the original matcher paths
|
||||||
const proxyPaths = [
|
const proxyPaths = [
|
||||||
@@ -109,9 +109,7 @@ export async function middleware(request: NextRequest) {
|
|||||||
responseHeaders.set("Access-Control-Allow-Origin", "*");
|
responseHeaders.set("Access-Control-Allow-Origin", "*");
|
||||||
responseHeaders.set("Access-Control-Allow-Headers", "*");
|
responseHeaders.set("Access-Control-Allow-Headers", "*");
|
||||||
|
|
||||||
if (!securitySettings) {
|
const securitySettings = await loadSecuritySettings(request);
|
||||||
securitySettings = await loadSecuritySettings(request);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (securitySettings?.embeddedIframe?.enabled) {
|
if (securitySettings?.embeddedIframe?.enabled) {
|
||||||
responseHeaders.set(
|
responseHeaders.set(
|
||||||
|
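Review bot: The first hunk disables the `/login/` branch by commenting out about twenty lines instead of deleting them, and the surviving comment `// Check if the request is for the /login route that handles the auth request for OIDC none prompt` now describes code that never runs; deleting both keeps the middleware readable, since the old logic stays available in version control. With that branch off, the `frame-ancestors` value built from `securitySettings.embeddedIframe.allowedOrigins` and the `X-Frame-Options` removal appear to be applied only in the `proxyPaths` part touched by the second hunk, so `/login/` responses presumably keep whatever default framing headers are set outside this file; it is worth confirming that this is the intended behaviour when embedded iframes are enabled. If it is, a one-line comment such as `// /login/* is intentionally not special-cased here; framing headers are only relaxed for proxyPaths` would record the decision. The body of `middleware` starts and ends outside both hunks, so the rest of the header handling is not visible here.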