lmxopcua

dohertj2/lmxopcua

Fork 0

Commit Graph

Author	SHA1	Message	Date
Joseph Doherty	af691f3291	fix(security): correct challenge tests to match framework reality ASP.NET Core's cookie-handler IsAjaxRequest heuristic only checks X-Requested-With (not Accept). Drop the third test (Accept: application/json was assumed to → 401 but actually → 302) and the Location.ShouldBeNull assertion on the XHR test (framework still writes Location alongside 401; clients ignore it). Renamed _ajax_ → _xhr_ for accuracy. Design doc updated to match.	2026-05-29 07:58:18 -04:00
Joseph Doherty	bc4fce5fbe	docs: design for auth/login alignment with ScadaBridge Removes the JwtBearer parallel scheme + non-redirect 401 challenge that left browsers staring at Chrome's HTTP_RESPONSE_CODE_FAILURE page on protected GETs. JWT keeps minting (cookie payload only); cookie config flows through the existing-but-unused OtOpcUaCookieOptions via PostConfigure (same pattern ScadaBridge uses).	2026-05-29 07:39:11 -04:00

Author

SHA1

Message

Date

Joseph Doherty

af691f3291

fix(security): correct challenge tests to match framework reality

ASP.NET Core's cookie-handler IsAjaxRequest heuristic only checks
X-Requested-With (not Accept). Drop the third test (Accept: application/json
was assumed to → 401 but actually → 302) and the Location.ShouldBeNull
assertion on the XHR test (framework still writes Location alongside 401;
clients ignore it). Renamed _ajax_ → _xhr_ for accuracy. Design doc
updated to match.

2026-05-29 07:58:18 -04:00

Joseph Doherty

bc4fce5fbe

docs: design for auth/login alignment with ScadaBridge

Removes the JwtBearer parallel scheme + non-redirect 401 challenge that left
browsers staring at Chrome's HTTP_RESPONSE_CODE_FAILURE page on protected
GETs. JWT keeps minting (cookie payload only); cookie config flows through
the existing-but-unused OtOpcUaCookieOptions via PostConfigure (same pattern
ScadaBridge uses).

2026-05-29 07:39:11 -04:00

2 Commits