Security Provider Issue with Server Side Redirection in SPA PHP

Wappler Version: 3.9.7
Operating System: Win 10 Pro
Server Model: PHP (SPA)
Database Type: MySQL
Hosting Type: AWS

Setup:
Parent page: parent.php (domain.com/parent)
Route: some_page.php (domain.com/parent/somePage)

Expected behavior

server side redirect should redirect the user to the defined route after login successfully without security provider preventing page load with a 302. It should allow to open the page with a 200.

Actual behavior

From a server action we’re doing a security login and redirecting to domain.com/parent/somePage (from server side itself using the ‘Redirection’ step) - in network tab we see a 302 when parent.php has a security enforcer enabled. We’re unable to login at all.

But if we remove the security enforcer from parent.php, we’re able to login using same credentials and this time the route redirects just fine with a 200 (as seen in network tab in dev tools on chrome).

If you call a server action with the server connect component then redirects will not work. When you instead go with the browser to the url of the server action then the redirect should work. An other solution is to call the server action within a flow and you return the redirect in a variable. Then in the flow after you called the server action you check the result and redirect in the client.

An other issue is with the content pages that are being loaded with ajax and have a security enforcer on them, they will return a 402 or 302 depending if a redirect was configured. I will have a look if I can adjust the router and view component to do the redirecting when receiving a 302.

Not sure which issue exactly applies in your case, for the first there is a workaround and for the second I will post an update here as soon as possible.

Here a first update for the routing plugin for handling 302 redirects in routes. The redirect is for the main page, so the whole page will be replaced with the new URL and not just the view.

dmxRouting.zip (2.8 KB)

this new routing js does not resolve the issue for us.
when we do a redirect from SA - sec prov still fails and redirects to the fall back URL defined on the security provider on the parent page.

Could you perhaps send me your project files in a private message so that I can see how exactly you are using the security provider.

will recreate the problem in a separate, fresh project and share in a couple days. unable to share the client project as it is.

on the recreated project - which we hosted on our dev servers - it is working as expected.
looks like a server side config is messing it up - from Wappler side, things are fine with routing js version 2.0.2 - will take it further on our end.

you may close this post. Thank you.