github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-24 14:12:10 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: ensure we never cache login redirects by mistake

Browse Source
This commit is contained in:
Sam
2018-11-09 11:14:35 +11:00
parent cbd6bd191a
commit 15991677d4
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/application_controller.rb
View File

@ -692,7 +692,9 @@ class ApplicationController < ActionController::Base
return if current_user || (request.format.json? && is_api?) return if current_user || (request.format.json? && is_api?)
if SiteSetting.login_required? if SiteSetting.login_required?
flash.keep flash.keep
dont_cache_page
if SiteSetting.enable_sso? if SiteSetting.enable_sso?
# save original URL in a session so we can redirect after login # save original URL in a session so we can redirect after login

5
spec/requests/application_controller_spec.rb
View File

@ -13,6 +13,11 @@ RSpec.describe ApplicationController do
get "/?authComplete=true" get "/?authComplete=true"
expect(response).to redirect_to('/login?authComplete=true') expect(response).to redirect_to('/login?authComplete=true')
end end
it "should never cache a login redirect" do
get "/"
expect(response.headers["Cache-Control"]).to eq("no-cache, no-store")
end
end end
describe 'invalid request params' do describe 'invalid request params' do