srv-web-7-7-inj-logout

This role injects a catcher that intercepts all logout elements in HTML pages served by Nginx and redirects them to a centralized logout endpoint via JavaScript.

Description

The srv-web-7-7-inj-logout Ansible role automatically embeds a lightweight JavaScript snippet into your web application’s HTML responses. This script identifies logout links, buttons, forms, and other elements, overrides their target URLs, and ensures users are redirected to a central OIDC logout endpoint, providing a consistent single sign‑out experience.

Overview

• Detection: Scans the DOM for anchors (<a>), buttons, inputs, forms, use elements and any attributes indicating logout functionality.

• Override: Rewrites logout URLs to point at your OIDC provider’s logout endpoint, including a redirect back to the application.

• Dynamic content support: Uses a MutationObserver to handle AJAX‑loaded or dynamically injected logout elements.

• CSP integration: Automatically appends the required script hash into your CSP policy via the role’s CSP helper.

Features

• Seamless injection via Nginx sub_filter on </head>.

• Automatic detection of various logout mechanisms (links, buttons, forms).

• Centralized logout redirection for a unified user experience.

• No changes required in application code.

• Compatible with SPAs and dynamically generated content.

• CSP‑friendly: manages script hash for you.

Further Resources

• OpenID Connect RP-Initiated Logout

• Nginx sub_filter Module

• Ansible Role Directory Structure