FIX: ensure we never cache login redirects by mistake

Sam 2018-11-09 11:14:35 +11:00
parent cbd6bd191a
commit 15991677d4
2 changed files with 7 additions and 0 deletions


@ -692,7 +692,9 @@ class ApplicationController < ActionController::Base
return if current_user || (request.format.json? && is_api?) return if current_user || (request.format.json? && is_api?)
if SiteSetting.login_required? if SiteSetting.login_required?
flash.keep flash.keep
dont_cache_page
if SiteSetting.enable_sso? if SiteSetting.enable_sso?
# save original URL in a session so we can redirect after login # save original URL in a session so we can redirect after login
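Review bot: The new `dont_cache_page` call under `if SiteSetting.login_required?` carries no comment saying why a redirect needs cache headers, and the reason is not obvious from the code alone. I would add `# a cached login redirect could be replayed by a shared cache or the browser after the user has logged in` directly above it. The call sits before the `enable_sso?` branch, so it appears to cover both the SSO and the plain login redirect. The method starts and ends outside the hunk, so whether a redirect issued outside the `login_required?` branch needs the same call cannot be confirmed from here.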


@ -13,6 +13,11 @@ RSpec.describe ApplicationController do
get "/?authComplete=true" get "/?authComplete=true"
expect(response).to redirect_to('/login?authComplete=true') expect(response).to redirect_to('/login?authComplete=true')
end end
it "should never cache a login redirect" do
get "/"
expect(response.headers["Cache-Control"]).to eq("no-cache, no-store")
end
end end
describe 'invalid request params' do describe 'invalid request params' do
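Review bot: The new example `should never cache a login redirect` checks only the `Cache-Control` header and never asserts that `get "/"` was actually redirected, so it would still pass if the request were answered some other way with the same header. Adding `expect(response.status).to eq(302)` before the header expectation ties the assertion to the redirect path this commit is about. The setup that makes `/` redirect to login is presumably in a `before` block outside the hunk, so that part cannot be checked from the visible lines.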