Use login URL to clear site data

onaio · Jan 21, 2025 · 8cbce16 · 8cbce16
1 parent 226bf0f
commit 8cbce16
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/oidc/viewsets.py b/oidc/viewsets.py
@@ -114,7 +114,12 @@ def _get_client(self, auth_server: str) -> Optional[OpenIDClient]:
     def login(self, request: HttpRequest, **kwargs: dict) -> HttpResponse:
         client = self._get_client(auth_server=kwargs.get("auth_server"))
         if client:
-            return client.login(redirect_after=request.query_params.get("next"))
+            response = client.login(redirect_after=request.query_params.get("next"))
+            # Add Clear-Site-Data headers
+            response["Clear-Site-Data"] = (
+                '"cache", "cookies", "storage", "executionContexts"'
+            )
+            return response
         return HttpResponseBadRequest(
             _("Unable to process OpenID connect login request."),
         )