On logout the first, and only the first allowed logout URL is called, regardless of the domain from which the logout is originated. If I am running http://localhost:8080 and logout from any view within my app, the logout redirect is to “dev.domain_name.com/dashboard” which is the first URL in the list of allowed urls.
List of allowable logout urls:
The expected behavior (and prior behavior)
- logging out from http://localhost:8080 should redirect to http://localhost:8080/dashboard
- logging out from http://dev.domain_name.com should redirect to http://dev.domain_name.com/dashboard
Steps to reproduce:
- start at localhost:8080/dashboard
- click login
- authenticates redirects successfully to the correct view address
- click logout
- logs out and redirects to “dev.domain_name.com” which is incorrect and happens to be the first allowable logout url in the list.
Conversely, if I switch the order of the allowable urls to:
and, I login from http://dev.domain_name.com;
- logs in successfully to the correct url, http://dev.domain_name.com
if I logout from http://dev.domain_name.com it redirects to http://localhost:8080/dashboard