Improve redirect avoidance for /sso paths

e6b3310577582fc702913ac084d41bdf7006439d was missing an ege case where return url included current_hostname
2025-05-21 18:12:32 +08:00 · 2018-11-09 17:03:42 +11:00
parent 7a53e0b186
commit 3ae4fcd1f7
2 changed files with 14 additions and 1 deletions
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@ -162,7 +162,11 @@ class SessionController < ApplicationController
        if return_path !~ /^\/[^\/]/
          begin
            uri = URI(return_path)
-            return_path = path("/") unless SiteSetting.sso_allows_all_return_paths || uri.host == Discourse.current_hostname
+            if (uri.hostname == Discourse.current_hostname)
+              return_path = uri.request_uri
+            elsif !SiteSetting.sso_allows_all_return_paths
+              return_path = path("/")
+            end
          rescue
            return_path = path("/")
          end