Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Localization fails when domains from the Public Suffix List are included in the hostname #21710

Open
pabasara-mahindapala opened this issue Nov 15, 2024 · 3 comments · May be fixed by wso2/identity-apps#7353
Open

Localization fails when domains from the Public Suffix List are included in the hostname #21710

pabasara-mahindapala opened this issue Nov 15, 2024 · 3 comments · May be fixed by wso2/identity-apps#7353
Assignees
@brionmario
Labels
Complexity/Medium frontend Severity/Critical Team/Identity Server Core Type/Bug

Comments

@pabasara-mahindapala
Copy link
Contributor

pabasara-mahindapala commented Nov 15, 2024
edited
Loading

Describe the issue:

When the hostname (Eg: "test.gov.rs") of WSO2 IS includes a domain that is in the Public Suffix List [1], the localization fails in the webapps. This is because the "ui_lang" cookie is not being set correctly due to browser restrictions [2] against setting cookies for domains in the Public Suffix List.

When the domain is extracted using the extractDomainFromHost() method [3] and if the domain is in the Public Suffix List (Eg: "gov.rs"), setting the cookie is restricted by the browser. We need to check if a domain is in the Public Suffix List before setting the cookie against it.

[1] https://publicsuffix.org/list/public_suffix_list.dat
[2] https://publicsuffix.org/learn/
[3] https://github.com/wso2/identity-apps/blob/d2b06cbf70f3ccf5857d17711f247715ba542783/identity-apps-core/apps/authentication-portal/src/main/webapp/includes/language-switcher.jsp#L66

How to reproduce:

  1. Update the following configurations in the <IS_HOME>/repository/conf/deployment.toml file and start an IS 7.0.0 server:
[server]
hostname = "test.gov.rs"

[transport.https.properties]
proxyPort = "443" 
port = "443"
  1. Add the following entry to the /etc/hosts file:

127.0.0.1 test.gov.rs

  1. Open https://test.gov.rs/console in the browser and try to switch the language in the login page. The language switcher will not work since the "ui_lang" cookie is not being set.

Expected behavior:
The "ui_lang" cookie should be set correctly

Environment information:

  • Product Version: IS 7.0.0
  • OS: Mac
  • Database: H2
  • Userstore: JDBC

Optional Fields

Related issues:
#18315
@inthirakumaaran
Copy link
Contributor

Also, let's check whether we can support the Internationalized Domains properly

@brionmario brionmario self-assigned this Jan 16, 2025
@brionmario brionmario moved this from Todo to In Progress in Identity Server 7.1.0 Jan 20, 2025
@brionmario
Copy link
Member

brionmario commented Jan 20, 2025
edited
Loading

In order to fix this issue properly, we may have to do one of the following.

  • Maintain a copy of the publicsuffixlist in the app and then use that when deriving the domains.

  • Use one of the supplementary libraries like tldts (106kb) to derive the domain.

    Image

  • Get the domain from the deployment.toml.

@brionmario brionmario linked a pull request Jan 21, 2025 that will close this issue
Open
10 tasks
@brionmario
Copy link
Member

Decided to go ahead with the tldts library and a PR is sent:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brionmario brionmario

Labels
Complexity/Medium frontend Severity/Critical Team/Identity Server Core Type/Bug
Projects
Identity Server 7.1.0
Status: In Progress
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Integrate tldts to derive the domain name brionmario/identity-apps
5 participants
@inthirakumaaran @nilasini @brionmario @pavinduLakshan @pabasara-mahindapala