Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/app/controllers
History
Jeff Wong 3189dab622 FIX: correctly remove authentication_data cookie on oauth login flow 
Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:

* Setting the cookie for the correct path, and not having it on root
* Correctly removing the cookie on first login
 		2020-03-21 14:34:25 -07:00
..
admin FIX: update `email_digests` user option when `default_email_digest_frequency` updated. 2020-03-20 00:55:47 +05:30
users FIX: correctly remove authentication_data cookie on oauth login flow 2020-03-21 14:34:25 -07:00
about_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
application_controller.rb FIX: Fix html response in development after ApplicationController reload 2020-03-15 21:00:42 +00:00
badges_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
bookmarks_controller.rb FEATURE: Send notifications for time-based and At Desktop bookmark reminders (#9071) 2020-03-12 10:16:00 +10:00
categories_controller.rb UX: Introduce automatic 'categories topics' setting (#8804) 2020-01-29 20:30:48 +02:00
category_hashtags_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
clicks_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
composer_messages_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
csp_reports_controller.rb allow CSP reports to be sent when header isn't set by Discourse (#6594) 2018-11-14 16:23:29 -05:00
directory_items_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
draft_controller.rb FIX: Confirm `draft_key` is present on GET 2020-02-14 11:06:12 -05:00
drafts_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
email_controller.rb DEV: Implement a faster Discourse.cache 2019-11-27 16:11:49 +11:00
embed_controller.rb FEATURE: Create New Topic button on embed with params (#8280) 2019-11-01 14:19:10 -05:00
exceptions_controller.rb FEATURE: Add site setting to show more detailed 404 errors. (#8014) 2019-10-08 14:15:08 +03:00
export_csv_controller.rb fix the build. 2019-12-24 15:56:44 +05:30
extra_locales_controller.rb FIX: Better error handling for invalid locale bundle versions 2019-11-11 22:30:32 +01:00
finish_installation_controller.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
forums_controller.rb DEV: shutdown_ok parameter to /srv/status 2020-03-09 14:06:13 -07:00
groups_controller.rb FIX: Throw error when removing a user from group fails (#9162) 2020-03-10 15:25:00 -06:00
highlight_js_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
inline_onebox_controller.rb FIX: Make inline oneboxes work with secured topics in secured contexts (#8895) 2020-02-12 12:11:28 +02:00
invites_controller.rb FEATURE: Add timezone to core user_options (#8380) 2019-11-25 10:49:27 +10:00
list_controller.rb FIX: Make category slug validation less strict (#8915) 2020-02-11 17:01:12 +02:00
metadata_controller.rb FEATURE: Ensure we always fill the short_name in the web manifest 2020-02-04 14:16:00 -03:00
notifications_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
offline_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
onebox_controller.rb FIX: Cache failed onebox URL request server-side (#8421) 2019-11-28 07:48:29 +10:00
permalinks_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_action_users_controller.rb UX: pluralize "likes/read this" 2019-12-13 22:18:28 +01:00
post_actions_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_readers_controller.rb DEV: '= true' is not necessary 2019-12-03 11:32:45 -03:00
posts_controller.rb FEATURE: Allow custom date + time for bookmark reminders (#9185) 2020-03-12 10:52:15 +10:00
push_notification_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
qunit_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
reviewable_claimed_topics_controller.rb FIX: Make reviewable claiming work with deleted topics (#9040) 2020-02-25 15:49:23 +02:00
reviewables_controller.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
robots_txt_controller.rb FEATURE: Allow customization of robots.txt (#7884) 2019-07-15 20:47:44 +03:00
safe_mode_controller.rb FEATURE: Always disable customizations on the `/safe-mode` route (#9052) 2020-02-28 10:53:11 +00:00
search_controller.rb FEATURE: unconditionally skip indexing on search controller 2020-02-28 09:21:31 +11:00
session_controller.rb FIX: Handle SSO Provider Parse exception 2020-02-12 16:08:04 -07:00
similar_topics_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
site_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
static_controller.rb FEATURE: add short site description on login page title 2019-10-14 11:40:09 +05:30
steps_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
stylesheets_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
svg_sprite_controller.rb UX: introduces icon-picker component for badges (#8844) 2020-02-05 00:41:10 +01:00
tag_groups_controller.rb DEV: Tag group improvements (#8252) 2019-10-30 16:57:13 +01:00
tags_controller.rb FIX: Make category slug validation less strict (#8915) 2020-02-11 17:01:12 +02:00
theme_javascripts_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
themes_controller.rb Fix string literal when switching theme in dev env 2019-05-13 10:25:51 -04:00
topics_controller.rb FIX: post edited webhook does not reflect updated topic title 2020-03-21 07:43:11 -06:00
uploads_controller.rb FIX: Ensure show_short URLs handle secure uploads using multisite (#9212) 2020-03-16 11:54:14 +10:00
user_actions_controller.rb FEATURE: Quick access panels in user menu (#8073) 2019-09-09 11:03:57 -04:00
user_api_keys_controller.rb SECURITY: Correct permission check when revoking user API keys 2019-12-17 10:56:16 +00:00
user_avatars_controller.rb FIX: Return blank avatar when downloading an avatar is not possible due to file size 2019-10-22 12:05:36 -03:00
user_badges_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
users_controller.rb SECURITY: Prevent access to other user's bookmark lists 2020-03-19 10:59:32 +10:00
users_email_controller.rb FIX: When admin changes another user's email auto-confirm the change (#9001) 2020-02-20 09:52:21 +10:00
webhooks_controller.rb DEV: Apply rubocop (#8926) 2020-02-11 16:21:03 +00:00
wizard_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00