fix: use browser redirect page for mx login

This commit is contained in:
Marek Miklewicz
2026-06-30 19:34:01 +02:00
parent 7d3d458160
commit d5894a1935
5 changed files with 48 additions and 3 deletions
+1 -1
View File
@@ -53,7 +53,7 @@ return static function (): void {
'event' => 'create_login_url',
'result' => 'success',
]);
Http::redirectNoStore($url);
Http::browserRedirectNoStore($url);
} catch (Throwable $e) {
AuditLog::append(Settings::AUDIT_LOG, $auditBase + [
'event' => 'create_login_url',
+31
View File
@@ -45,6 +45,37 @@ final class Http
exit;
}
public static function browserRedirectNoStore(string $url): void
{
header('Content-Type: text/html; charset=UTF-8');
header('Cache-Control: no-store, private');
header('Pragma: no-cache');
header('Referrer-Policy: no-referrer');
header('X-Content-Type-Options: nosniff');
header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; base-uri 'none'; form-action 'none'");
echo self::redirectPageHtml($url);
exit;
}
public static function redirectPageHtml(string $url): string
{
$safeUrl = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$jsonUrl = json_encode($url, JSON_UNESCAPED_SLASHES | JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
if (!is_string($jsonUrl)) {
$jsonUrl = '"/"';
}
return '<!doctype html><html lang="pl"><head><meta charset="utf-8">'
. '<meta name="viewport" content="width=device-width, initial-scale=1">'
. '<meta http-equiv="refresh" content="0;url=' . $safeUrl . '">'
. '<title>Serwer poczty</title></head><body>'
. '<script>(function(){var target=' . $jsonUrl . ';'
. 'try{if(window.top){window.top.location.replace(target);return;}}catch(e){}'
. 'window.location.replace(target);}());</script>'
. '<p><a rel="noreferrer" href="' . $safeUrl . '">Otwórz panel poczty</a></p>'
. '</body></html>';
}
public static function errorPage(string $message, int $status): void
{
http_response_code($status);
+1 -1
View File
@@ -2,7 +2,7 @@ name=mail-login
id=mail-login
type=user
author=HITME.PL
version=1.0.9
version=1.0.10
active=no
installed=no
user_run_as=root
+14
View File
@@ -0,0 +1,14 @@
<?php
declare(strict_types=1);
require_once PLUGIN_ROOT . '/exec/lib/Http.php';
test('http redirect page performs top level browser navigation', function (): void {
$html = Http::redirectPageHtml('https://mx1.domena.pl:2222/api/login/url?key=SECRET&x=1');
assert_contains('window.top.location.replace', $html);
assert_contains('window.location.replace', $html);
assert_contains('<meta http-equiv="refresh"', $html);
assert_contains('https://mx1.domena.pl:2222/api/login/url?key=SECRET&amp;x=1', $html);
assert_contains('https://mx1.domena.pl:2222/api/login/url?key=SECRET\\u0026x=1', $html);
});
+1 -1
View File
@@ -8,7 +8,7 @@ test('plugin metadata and packaging docs match project rules', function (): void
assert_contains('name=mail-login', $conf);
assert_contains('id=mail-login', $conf);
assert_contains('type=user', $conf);
assert_contains('version=1.0.9', $conf);
assert_contains('version=1.0.10', $conf);
assert_contains('user_run_as=root', $conf);
assert_contains('/Users/marek/GPT/ChatGPT/da_plugins/mail-login/src', $packing);
assert_contains('/Users/marek/GPT/ChatGPT/da_plugins/mail-login/archives/X.Y.Z/mail-login.tar.gz', $packing);