mirror of
https://github.com/discourse/discourse.git
synced 2025-02-07 03:48:23 +00:00
7a52ce0d6d
When the anonymous cache forces users into anonymous mode, it strips the cookies from their request. However, the discourse-logged-in header from the JS client remained. When the discourse-logged-in header is present without any valid auth_token, the current_user_provider [marks the request as ['logged out'](dbbfad7ed0/lib/auth/default_current_user_provider.rb (L125-L125)), and a [discourse-logged-out header is returned to the client](dbbfad7ed0/lib/middleware/request_tracker.rb (L209-L211)). This causes the JS app to [popup a "you were logged out" modal](dbbfad7ed0/app/assets/javascripts/discourse/app/components/d-document.js (L29-L29)), which is very disruptive. This commit strips the discourse-logged-in header from the request at the same time as the auth cookie.