Static-web-apps: 401 Response overrides result in infinite redirects

Created on 23 Feb 2021  路  18Comments  路  Source: Azure/static-web-apps

Hello, I ported from routes.json to staticwebapp.config.json and made the relevant syntax modifications. I've attached my config file below:

{
  "routes": [
    {
      "route": "/api/*",
      "allowedRoles": [
        "user"
      ]
    },
    {
      "route": "/login",
      "rewrite": "/.auth/login/facebook"
    },
    {
      "route": "/logout",
      "rewrite": "/.auth/logout"
    },
    {
      "route": "/*",
      "allowedRoles": [
        "user"
      ]
    }
  ],
  "navigationFallback": {
    "rewrite": "index.html"
  },
  "responseOverrides": {
    "401": {
      "redirect": "/login",
      "statusCode": 302
    }
  }
}

I'm not sure what's causing infinite redirects at https://identity.azurestaticapps.net/.auth/login/done#_=_. I'm using Facebook authentication.

Am I doing anything wrong? Thank you!

Most helpful comment

Hi @Zhiyuan-Amos, we have identified the issue on our end and are working on a fix for this. We will update this thread when the fix gets deployed. Thanks for your patience!

All 18 comments

Can you please provide us with the site name/hostname so we can look at the logs from our end for this investigation? Thanks!

Hello @mkarmark, is there a way for me to send my site name to you privately? Thank you!

Hello @mkarmark , I realise that the problem is with "route": "/*". I've replaced this with the enumeration of all routes and it works fine.

Is it possible to support "route": "/*" i.e. the catch-all route though?

Thank you!

In the unified config file, "route": "/*" can/should still behave like a "catch-all" route but the change is that it will truly catch _all_...this is including your images/other assets. For a fallback route that redirects all client side route requests to index.html (for example), we recommend using the "navigationFallback" section here: https://docs.microsoft.com/en-us/azure/static-web-apps/configuration#fallback-routes. Let me know if this didn't address your concern, or feel free to post your routes file contents so we can help fine tune your routes to get what you expect :)

Hello @mkarmark, thank you for your prompt response! Correct me if I'm wrong, I don't think that the issue here is with a fallback route. My routes file contents are posted above. Specifically, the problem is with this segment:

    {
      "route": "/*",
      "allowedRoles": [
        "user"
      ]
    }

The resolution is to expand this segment to enumerate all routes e.g.

    {
      "route": "/",
      "allowedRoles": [
        "user"
      ]
    },
    {
      "route": "/somePath",
      "allowedRoles": [
        "user"
      ]
    },
    {
      "route": "/somePath/*",
      "allowedRoles": [
        "user"
      ]
    }

The above change would resolve the problem of infinite redirects. However, enumeration all paths will make the staticwebapp.config.json rather long.

Previously, when using routes.json, "route": "/*" would work as intended.

Hi @Zhiyuan-Amos, we have identified the issue on our end and are working on a fix for this. We will update this thread when the fix gets deployed. Thanks for your patience!

Hitting the same issue on our site. Will wait on an update. Here's the config we're using to place the entire site behind GitHub auth for only users we authorize as part of our private preview:

{
    "routes": [
        {
            "route": "/login",
            "rewrite": "/.auth/login/github"
        },
        {
            "route": "/logout",
            "serve": "/.auth/logout"
        },
        {
            "route": "/.auth/login/github",
            "allowedRoles": ["anonymous"]
        },
        {
            "route": "/.auth/logout",
            "allowedRoles": ["anonymous"]
        },
        {
            "route": "/*",
            "allowedRoles": ["reader"]
        }
    ],
    "responseOverrides": {
        "401": {
            "redirect": "/login",
            "statusCode": 302
        }
    }
}

Try adding

    {
      "route": "/.auth/*",
      "allowedRoles": [
        "anonymous",
        "authenticated"
      ]
    },

before the /* entry. That should fix it

@lanthaler your solution works, thanks! For me, it was /.auth/complete that was causing infinite redirects, so I added the following:

{
  "route": "/.auth/complete",
  "allowedRoles": [
    "anonymous"
  ]
},

@mkarmark fyi

We have finished deploying the fix for this issue. Thank you for your patience, and let us know if you still run into any issues!

Verified that it works, thanks!

@mkarmark There might be a minor bug. Client fails to load manifest.json (gets redirected based on responseOverrides, see https://github.com/Azure/static-web-apps/issues/297#issue-814566186), even though "route": "/*" is supposed to catch all.

Only upon adding the following:

{
  "route": "/manifest.json",
  "allowedRoles": [
    "anonymous"
  ]
},

Then it gets loaded successfully. I don't recall seeing this error previously, so I'm not sure whether the fix might have caused this problem.

Hey @Zhiyuan-Amos, that is very interesting. Do you mind sharing what error the client is seeing? Is the client getting sent to the login page?

Hi @miwebst, this is what I'm seeing on the Network tab

error2

And on my console

error

The client isn't getting redirected to the login page.

Interesting, @Zhiyuan-Amos, are you using any header overrides? Do you mind sharing your whole config file?

Hi @miwebst, you can find the config file in my comment above https://github.com/Azure/static-web-apps/issues/297#issuecomment-798815583 馃槃

Also, it only happens on the first load; won't encounter this issue on subsequent refreshes.

@miwebst any updates on this?

Hi @Zhiyuan-Amos do you mind filling a support ticket for this? I don't see why we are getting CORS errors on this and since it seems like you'd like to keep your hostname private then a support ticket is probably the best way for us to get the info we need to continue debugging.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

rajyraman picture rajyraman  路  5Comments

simonaco picture simonaco  路  4Comments

adamjcooper picture adamjcooper  路  6Comments

krisnuttall picture krisnuttall  路  3Comments

AshirwadSatapathi picture AshirwadSatapathi  路  5Comments