URI redirect - alternative to hash sign #config parameter in URL

keda82 · February 24, 2023, 3:16pm

We have a custom auth flow prior to Jitsi web that performs a redirect and stores the initial landing uri.

The problem is that everything after #(hash) is not lost in the redirect meaning we cannot do any URL parameter config to the jitsi UI at the moment.

Are there any other methods to configure the Jitsi UI without the #-sign?

Found this info in RFC 3986

RFC 3986 statement on fragments:

the fragment identifier is not used in the scheme-specific
processing of a URI; instead, the fragment identifier is separated
from the rest of the URI prior to a dereference, and thus the
identifying information within the fragment itself is dereferenced
solely by the user agent, regardless of the URI scheme. Although
this separate handling is often perceived to be a loss of
information, particularly for accurate redirection of references as
resources move over time, it also serves to prevent information
providers from denying reference authors the right to refer to
information within a resource selectively.

emrah · February 24, 2023, 3:25pm

I use the following to keep fragments while redirecting:

github.com

nordeck/jitsi-keycloak-adapter/blob/main/templates/etc/nginx/sites-available/example.conf#L181-L191


      
          # oidc: customized @root_path
          location @root_path {
              if ($arg_oidc) {
                  rewrite ^/(.*)$ / break;
              }
              if ($arg_jwt) {
                  rewrite ^/(.*)$ / break;
              }
          
          
    rewrite ^/(.*)$ /static/oidc-redirect.html;
          }

github.com

nordeck/jitsi-keycloak-adapter/blob/main/templates/usr/share/jitsi-meet/static/oidc-redirect.html

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <script>
      function redirect() {
        const path = encodeURIComponent(window.location.pathname);
        const search = encodeURIComponent(window.location.search.substring(1));
        const hash = encodeURIComponent(window.location.hash.substring(1));

        window.location = `/oidc/redirect` +
          `?path=${path}&search=${search}&hash=${hash}`;
      }
    </script>
  </head>
  <body onload="redirect()">
    redirecting...
  </body>
</html>

keda82 · February 24, 2023, 3:38pm

Thanks @emrah, interesting!

Trying to understand the flow here, how do you keep the fragement identifier so that the server sees it? To my understanding it is only visible on the client side?

emrah · February 24, 2023, 4:06pm

That 's right. Therefore there is an internal redirection (rewrite line) in Nginx. The client goes to oidc-redirect.html transparently and the state doesn’t change on the client side. So, oidc-redirect.html can get the original URL with its querystring and fragment.

Then it redirects the client by keeping all these data.