Only show missing URLs on Identity Provider CORS Warning #2985

Open
ATLJLawrie opened this issue Jan 28, 2025 · 2 comments
Labels
enhancement New feature or request ux

@ATLJLawrie

Only show missing URLs on Identity Provider CORS Warning

Problem

In order to expose metadata to external parties, we need to Enable Identity Provider Integrations without knowing their specific IdP URLs. Thus we typically just put in some dummy / placeholder value. This properly triggers the CORS filter warning; however, to those who aren't aware, the warning shows all active IdP domains.

Solution

Have the CORS warning only show the specific domains / URLs that are missing.

Additional context

Add any other context or screenshots about the feature request here.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

@mooreds
Collaborator

mooreds commented Mar 10, 2025

@ATLJLawrie just so I understand, the issue is:

  • you have a SAML identity provider that is correctly configured and has a domain like example.com added to FusionAuth CORS
  • you create a new SAML Identity Provider and put in dummy values (abc.com) that are not added to CORS
  • the CORS error shows up and shows both example.com and abc.com to all users

Is that correct?

And your problem is that this exposes information to people who should not see it, or that it is confusing? Or is there another concern I am missing?

@ATLJLawrie
Author

Thanks @mooreds

Your understanding of the issue is 100% correct.

Effectively, the feature request is to hide the correctly configured domains, as it can be confusing to someone with more of an "AzureAD sets up SAML" background, which is the user type whom we have manage our SSO relations in our app. Effectively, our goal would be that, since we use dummy IdP URLs during the initial token exchange, we could rapidly dismiss the CORS error if it only contained those dummy URLs.

@mooreds mooreds added enhancement New feature or request ux labels Mar 13, 2025