Add SSO hostname to connect's proxy host allow list.

Joerger · Joerger · commit 6f994a88426d · 2024-10-28T12:02:04.000-07:00
diff --git a/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts b/web/packages/teleterm/src/mainProcess/rootClusterProxyHostAllowList.ts
@@ -77,22 +77,24 @@ export function manageRootClusterProxyHostAllowList({
 
     allowList.clear();
     for (const rootCluster of rootClusters) {
-      if (!rootCluster.proxyHost) {
-        continue;
+      if (rootCluster.proxyHost) {
+        let browserProxyHost: string;
+        try {
+          browserProxyHost = proxyHostToBrowserProxyHost(rootCluster.proxyHost);
+        } catch (error) {
+          logger.error(
+            'Ran into an error when converting proxy host to browser proxy host',
+            error
+          );
+          continue;
+        }
+        allowList.add(browserProxyHost);
       }
 
-      let browserProxyHost: string;
-      try {
-        browserProxyHost = proxyHostToBrowserProxyHost(rootCluster.proxyHost);
-      } catch (error) {
-        logger.error(
-          'Ran into an error when converting proxy host to browser proxy host',
-          error
-        );
-        continue;
+      // Allow the SSO hostname for SSO login/mfa redirects.
+      if (rootCluster.ssoHostname) {
+        allowList.add(rootCluster.ssoHostname);
       }
-
-      allowList.add(browserProxyHost);
     }
   };
 
