Support for meta-redirect instead of 302 redirect

[adborden]

In some unusual circumstances, we'd like to do a "meta-redirect" instead of the standard HTTP redirect. I.e. serve a 200 response with a meta tag and http-equiv=refresh to trigger the browser to load the authorizationUrl.

<html><head><meta http-equiv="refresh" content="0;url=#{authorizationUrl}"></head><body></body></html>

Something like specifying an option would be great:

passport.use(new OAuth2Strategy({
    authorizationURL: 'https://www.example.com/oauth2/authorize',
    tokenURL: 'https://www.example.com/oauth2/token',
    clientID: EXAMPLE_CLIENT_ID,
    clientSecret: EXAMPLE_CLIENT_SECRET,
    callbackURL: "http://localhost:3000/auth/example/callback",
    redirectMethod: "meta-refresh" // This would trigger this behavior
  }

Specifically, we're seeing redirects blocked by appcache as described here and this method of redirect would allow us to work around it. As far as I can tell, there's no security constraints. Let me know if I'm missing anything.

[felipou]

Better yet would be a way to handle redirects with a custom function. I used to intercept the express response's redirect method before calling authenticate, but in the current version there is simply no way to handle this. In my case I want the client to handle the response in javascript (ajax call), so I'd like to return the redirect url as an attribute in a JSON objet.

[korenzerah]

I am trying to do the same. When the client and the server are on seperated domains, CORS error happens when passport redirects with 302 status code. I'd like to change the status code. 302 is not catchable on client side with axios. The response is not intercepted with the data. Any workaround?