FIX: ensure we never cache login redirects by mistake
parent
cbd6bd191a
commit
15991677d4
|
@ -692,7 +692,9 @@ class ApplicationController < ActionController::Base
|
||||||
return if current_user || (request.format.json? && is_api?)
|
return if current_user || (request.format.json? && is_api?)
|
||||||
|
|
||||||
if SiteSetting.login_required?
|
if SiteSetting.login_required?
|
||||||
|
|
||||||
flash.keep
|
flash.keep
|
||||||
|
dont_cache_page
|
||||||
|
|
||||||
if SiteSetting.enable_sso?
|
if SiteSetting.enable_sso?
|
||||||
# save original URL in a session so we can redirect after login
|
# save original URL in a session so we can redirect after login
|
||||||
|
|
|
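Review bot: The added `dont_cache_page` call after `flash.keep` has no comment saying why a login redirect must not be cached, and the reason is security-relevant. The response depends on whether the visitor has a session, so a copy kept by a browser or shared proxy could be replayed after login or to another visitor. I would add `# login redirects depend on the visitor's session; never let a browser or proxy store them` above the call. `dont_cache_page` is defined outside this hunk, so confirm nothing later in the redirect path resets the header. The enclosing method starts and ends outside the hunk.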
@ -13,6 +13,11 @@ RSpec.describe ApplicationController do
|
||||||
get "/?authComplete=true"
|
get "/?authComplete=true"
|
||||||
expect(response).to redirect_to('/login?authComplete=true')
|
expect(response).to redirect_to('/login?authComplete=true')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "should never cache a login redirect" do
|
||||||
|
get "/"
|
||||||
|
expect(response.headers["Cache-Control"]).to eq("no-cache, no-store")
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'invalid request params' do
|
describe 'invalid request params' do
|
||||||
|
|
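Review bot: The new example `should never cache a login redirect` asserts only the `Cache-Control` header, so it would not notice if `get "/"` stopped producing the login redirect at all. Adding `expect(response).to redirect_to('/login')` before the header check ties the assertion to the response this commit is about (the target is inferred from the preceding example). The `login_required` setup is presumably in a `before` outside this hunk. The `SiteSetting.enable_sso?` branch visible in the controller hunk is not exercised here, and a second example with SSO enabled would pin the header on that redirect too.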