Mozilla Persona (BrowserID): domain name + subdomain

The next problem.

I have a website:

  • example.com

but there are some third party websites, let's say:

  • data.example.com
  • help.example.com

All of them are controlled by the same Flask application. Now I want the user to be able to click on the login on any of these websites and log in to all of them. There are two mail requests right now:

  • example.com/api/login
  • example.com/api/logout

Now the problem is that when you log in to example.com everything works beautifully. I even logged in to the subdomains themselves. Thanks, Mozilla. But when I enter one of the other subdomains, I get a response about the refusal due to domain mismatch, which makes perfect sense to me from the moment it occurred.

I know two solutions:

  • When the subdomain is first redirected to the real domain and the user clicks the login again.
  • Create /api/login and /api/logout URLs for each subdomain. The problem here is that the user needs to go to the address that he registered.

Of course, method 2 would be better for the user.

Now the real question is, is there a way to log in from these subdomains without login/logout URLs for each domain?

Let me know if I need to clarify. Thanks in advance.

+4
2 answers

One idea would be to have data.example.com and help.example.com have an iframe with the example.com login button in it, instead of the two subdomains that host their own login buttons.

Thus, when users switch to two subdomains, they press the button for entering the top-level domain (example.com) and set a cookie that will work on all three.

+2
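Added example, not part of the original answer: a cookie set by example.com reaches the two subdomains only if it carries a Domain attribute (in Flask, the `SESSION_COOKIE_DOMAIN` setting), and this simplified RFC 6265 matcher shows which hosts receive it in each case. The hostnames come from the question; the helper names are hypothetical, and IP addresses and the public suffix list are ignored.

```python
# Added example: RFC 6265 cookie scoping for the iframe-login approach.
# Helper names are hypothetical; hosts are the ones used in the question.

def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3 (simplified): host equals the domain or is a subdomain."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")  # leading dot is ignored
    return host == cookie_domain or host.endswith("." + cookie_domain)

def cookie_sent_to(request_host, set_by_host, domain_attr=None):
    """Would a browser attach a cookie set by set_by_host to request_host?"""
    if domain_attr is None:
        # No Domain attribute: host-only cookie, exact host match required.
        return request_host.lower() == set_by_host.lower()
    # A host may only set a Domain it belongs to; browsers drop the cookie otherwise.
    if not domain_match(set_by_host, domain_attr):
        return False
    return domain_match(request_host, domain_attr)

def receivers(hosts, set_by_host, domain_attr=None):
    """List the hosts that would receive the cookie."""
    return [h for h in hosts if cookie_sent_to(h, set_by_host, domain_attr)]

# Constructed sample hosts; example.org stands in for an unrelated site.
HOSTS = ["example.com", "data.example.com", "help.example.com", "example.org"]

if __name__ == "__main__":
    # Default (host-only) session cookie: only the apex domain sees the login.
    print("host-only:          ", receivers(HOSTS, "example.com"))
    # Domain=example.com: every subdomain receives the session cookie,
    # including any subdomain operated by someone else.
    print("Domain=example.com: ", receivers(HOSTS, "example.com", "example.com"))
    # A subdomain cannot scope a cookie to a sibling subdomain.
    print("sibling scope:      ",
          receivers(HOSTS, "data.example.com", "help.example.com"))
```

Because the widened cookie is sent to every host under example.com, the session is only as trustworthy as the least trusted subdomain.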

I think that you are looking for exactly what is currently in PR 3854. There is also a discussion here. It seems that it will very soon find its way into master.

0

Source: https://habr.com/ru/post/1482280/

