Logout chooses first allowable logout url regardless of current domain

On logout the first, and only the first allowed logout URL is called, regardless of the domain from which the logout is originated. If I am running http://localhost:8080 and logout from any view within my app, the logout redirect is to “dev.domain_name.com/dashboard” which is the first URL in the list of allowed urls.

List of allowable logout urls:
http://dev.domain_name.com, http://localhost:8080/dashboard

The expected behavior (and prior behavior)

Steps to reproduce:

  • start at localhost:8080/dashboard
  • click login
  • authenticates redirects successfully to the correct view address
  • click logout
  • logs out and redirects to “dev.domain_name.com” which is incorrect and happens to be the first allowable logout url in the list.

Conversely, if I switch the order of the allowable urls to:
http://localhost:8080/dashboard, http://dev.domain_name.com

and, I login from http://dev.domain_name.com;

  • logs in successfully to the correct url, http://dev.domain_name.com
    if I logout from http://dev.domain_name.com it redirects to http://localhost:8080/dashboard