Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Handling IE11's cache-control issues
See original GitHub issueLibrary
-
msal@1.x.xor@azure/msal@1.x.x -
@azure/msal-browser@2.11.0 -
@azure/msal-node@1.x.x -
@azure/msal-react@1.0.0-alpha.4 -
@azure/msal-angular@0.x.x -
@azure/msal-angular@1.x.x -
@azure/msal-angular@2.x.x -
@azure/msal-angularjs@1.x.x
Description
We came across an interesting problem trying to use our site, msal and IE11.
We have a site which is available in two languages, so each site is on a separate subdomain. I don’t want to publish the URLs here, but they’re similar to lang1.web.core.windows.net and lang2.web.core.windows.net, while we’re testing them. The user can click a button which redirects them to the same location on the other language site, and they should stay logged in.
On IE11 the problem is that when you’re on the lang1 site, MSAL makes a request to the openid-configuration endpoint. When it comes back, it has an Access-Control-Allow-Origin header set to the lang1 domain, and a Cache-Control header set to ‘private’. This should mean that when you switch to lang2 and request the config, it should re-request the config, as it’s a different domain.
Unfortunately, IE11 thinks that sub-domains are the same domain for the sake of caching, so when you request the config from the lang1 domain then again from the lang2 domain, it gives you the cached version the second time. This shouldn’t be a problem, as the content is identical.
Unfortunately, IE11 thinks that sub-domains are different domains for sake of CORS, and so it then rejects its own cached copy of the config.
We have got(ten) around this by passing a patched version of XhrClient in config.system.networkClient when we create the PublicClientApplication instance and the browser is IE11, which sends “Cache-Control: no-cache”, “Pragma: no-cache” and “Expires: -1” headers with GET requests, which seems to do the job.
But I was wondering if I’m missing something here. And also wondering if there should be an option to do this in the library instead of having to patch it like this. I don’t think you’d necessarily want to always send the cache busting headers, as caching would still be useful if you weren’t using subdomains. (I’m guessing. Unless there are other IE11 issues I haven’t come across yet, which is quite possible.)
Source
- Internal (Microsoft)
- Customer request
Issue Analytics
- State:
- Created 3 years ago
- Comments:12 (7 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Hi bot, this issue hasn’t been answered or solved yet!
This issue has not seen activity in 14 days. If your issue has not been resolved please leave a comment to keep this open. It will be closed in 7 days if it remains stale.