Discource-C/discourse
1
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-16 08:15:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

FIX: ensure we never cache login redirects by mistake

Browse Source
This commit is contained in:
Sam 2018-11-09 11:14:35 +11:00
parent cbd6bd191a
commit 15991677d4
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/application_controller.rb
View File

@ -692,7 +692,9 @@ class ApplicationController < ActionController::Base
return if current_user || (request.format.json? && is_api?)
if SiteSetting.login_required?
flash.keep
dont_cache_page
if SiteSetting.enable_sso?
# save original URL in a session so we can redirect after login

5
spec/requests/application_controller_spec.rb
View File

@ -13,6 +13,11 @@ RSpec.describe ApplicationController do
get "/?authComplete=true"
expect(response).to redirect_to('/login?authComplete=true')
end
it "should never cache a login redirect" do
get "/"
expect(response.headers["Cache-Control"]).to eq("no-cache, no-store")
end
end
describe 'invalid request params' do