1.7.0 redirects after sign out on an XHR request

[aaronjensen]

I'm not able to provide a repro at the moment, but after upgrading to 1.7.0 from 1.6.3, our sign out API request results in a 302, rather than a 200. I suspect this commit: 27b531e

[adamstegman]

Interesting. I would suspect the before_action is stepping in and redirecting, where there was nothing before. You could skip it or redefine it to have different behavior.

[mattbaumann1]

We recently upgraded to v1.7.0 and started having this issue. I decided to push it to v1.9.0 with the hopes it would be fixed and ended up with the same. Logs show a 302 and saml-tracer shows a 400.

Are others still having this issue?
@aaronjensen
@adamstegman

[mattbaumann1]

I think this is going to be a cross-site issue that will include the installation of gem 'rack-cors'. Is this what was required for others?

[mattbaumann1]

For us this ended up being an issue with turbo_stream reloading not loading the necessary headers and a CORS error being thrown, so not associated with the devise_saml_authenticatable upgrade but the fact that we added turbo at the same time.
NUARIG/competitions#964