I have a web application lets call it server1:8080/amcd this application has a setting in it that allows a user to be auto logged in when i pass in a custom request header in the page request. This custom header is called "REMOTE_USER".
My plan is to have another page on another web application, lets call it server2:8080/ssoRedirect/test.html this app on server 2 is acting like a filter where i will pass in a URL parameter such as server2:8080/ssoRedirect/test.html?UserName=user1 this page will take the "user1" parameter and redirect to server1:8080/amcd page while injecting the "user1" value in the "REMOTE_USER" page request.
Any advice in how to I might accomplish this?
I was looking at some simple javascript like below but could not get it to work.
<script>
var url = "http://localhost:8080/index.html?userName=user1"; // or window.location.href for current url
var usernameParam = /userName=([^&]+)/.exec(url)[1];
var result = usernameParam ? usernameParam : 'myDefaultValue';
function customHeader(remoteinput, userinput) {
var client = new XMLHttpRequest();
client.open("POST", "/log");
client.setRequestHeader(remoteinput, userinput);
}
window.location.href = "http://ephesoft.eastus2.cloudapp.azure.com:8080/dcma/";
</script>
I am able to make this work when I use the Modify header plugin for chrome and firefox.
Image of not request page header
You're setting the custom headers for the response which is instructing the browser to redirect, not for the redirect itself. The only way for a site to instruct a browser to issue an HTTP request with a custom header is to use Javascript and the XMLHttpRequest object. And it needs CORS implemented on the target server to allow such ajax requests.
A web page can not set HTTP request headers unless you are making an async request using XMLHttpRequest. In this case you are not, you are doing a redirect, like clicking on an href. Instead of relying on custom headers, depending on your backend use any one of these: This is correct.
The <redirectHeaders> element specifies a collection of custom HTTP headers that Internet Information Services (IIS) 7 will add to HTTP redirects. HTTP headers are name and value pairs that are returned in responses from a Web server.
HTTP headers are name and value pairs that are returned in responses from a Web server. Unlike custom headers, which are returned in every response from a Web server, redirect headers are returned only when redirection occurs. The <redirectHeaders> element was not modified in IIS 10.0.
A web page can not set HTTP request headers unless you are making an async request using XMLHttpRequest. In this case you are not, you are doing a redirect, like clicking on an href. Instead of relying on custom headers, depending on your backend use any one of these:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With