Description
Running the offender test website on test.mapserv.utah.gov/app causes an issue with the JAAS security from the DOC API for retrieving images.
We are running in a reverse proxy scenario to allow agents to view photos without another login prompt. The DOC API returns a 302 (redirect) with some query string credentials to create a JSESSION cookie, which we aren't using. The redirect for the JSESSION when on the /app slug does not read and use the x-forwarded-for headers added by the proxy and append the /app to the redirect URL. Therefore the final security step to get the offender image fails with a 404 (not found).
Since we cannot get time with Trevor to debug this issue for a few weeks, it might have to continue to be an issue until we are using a top level production domain.
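
One way a reverse proxy can compensate for the missing /app in the upstream 302, shown as an added example that is not part of the original issue or the project's code. The upstream host name, the function name, and the choice to force https on rewritten absolute URLs are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

PREFIX = "/app"                              # path slug from the issue
PUBLIC_HOST = "test.mapserv.utah.gov"        # public host from the issue
UPSTREAM_HOST = "doc-api.example.internal"   # constructed placeholder for the DOC API host


def rewrite_location(location, prefix=PREFIX,
                     public_host=PUBLIC_HOST, upstream_host=UPSTREAM_HOST):
    """Return the Location value the proxy should hand back to the browser.

    Hypothetical helper: re-adds the proxy path prefix that the upstream
    dropped, keeps the query string (the credentials) intact, and never
    touches redirects that point at a host the proxy does not front.
    """
    parts = urlsplit(location)

    # Redirects to any other host are passed through unchanged so the
    # proxy cannot be used to relabel third-party URLs as its own.
    if parts.netloc and parts.netloc.lower() not in (public_host, upstream_host):
        return location

    path = parts.path or "/"

    # A path-relative redirect ("images/1") is resolved by the browser
    # against the current URL, which already carries the prefix.
    if not parts.netloc and not path.startswith("/"):
        return location

    # Add the prefix once; "/application" must not count as "/app".
    if not (path == prefix or path.startswith(prefix + "/")):
        path = prefix + path

    if parts.netloc:
        # Absolute URL: also swap the internal host for the public one.
        return urlunsplit(("https", public_host, path, parts.query, parts.fragment))
    return urlunsplit(("", "", path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample Location values, not captured traffic.
    for sample in ("/images/1?token=abc",
                   "https://doc-api.example.internal/images/1?token=abc",
                   "/app/images/1",
                   "https://other.example.org/x"):
        print(sample, "->", rewrite_location(sample))
```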