From 452628191bc46134a381345467d96f6913d17476 Mon Sep 17 00:00:00 2001 From: Celia Amador Date: Wed, 4 Mar 2026 14:56:29 +0100 Subject: [PATCH 1/2] EDM-2851: Do not clear OCP cookies on logout --- proxy/auth/common.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/proxy/auth/common.go b/proxy/auth/common.go index b03c226e7..021c8399c 100644 --- a/proxy/auth/common.go +++ b/proxy/auth/common.go @@ -318,8 +318,6 @@ func clearSessionCookie(w http.ResponseWriter, r *http.Request) { SameSite: http.SameSiteLaxMode, } http.SetCookie(w, &cookie) - - w.Header().Set("Clear-Site-Data", `"cookies"`) } // validateAndExtractProviderFromState validates the state parameter and extracts the provider name From f3210fe37b9e257c8aaa89c8e38cf788a3192cd3 Mon Sep 17 00:00:00 2001 From: Celia Amador Date: Wed, 4 Mar 2026 14:57:05 +0100 Subject: [PATCH 2/2] Do not combine prompt values --- proxy/auth/common.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proxy/auth/common.go b/proxy/auth/common.go index 021c8399c..0d41db804 100644 --- a/proxy/auth/common.go +++ b/proxy/auth/common.go @@ -129,9 +129,9 @@ func loginRedirect(client *osincli.Client, state string, codeChallenge string) s query.Set("code_challenge_method", "S256") // Force that when a new auth flow starts, the user is prompted to select - // their account and enter credentials, even if they're already logged in + // their account, even if they're already logged in // Does not work for all providers (eg. OpenShift) - query.Set("prompt", "login select_account") + query.Set("prompt", "select_account") parsedURL.RawQuery = query.Encode()