Attempt 2, with more tests. Additionally, correctly handle the cookie path for authentication_data.

There were two bugs that exposed an interesting case: two Discourse instances hosted as subfolder installs on the same domain, both using OAuth, may clash and cause strange redirection on first login:

1. Log in to example.com/forum1. The authentication_data cookie is set with path /.
2. On the first redirection, the current authentication_data cookie is not unset.
3. Log in to example.com/forum2. In this case, the authentication_data cookie is already set from forum1, so the initial page load incorrectly redirects the user to the redirect URL from the already-stored cookie, i.e. to /forum1.

This change removes the issue by:

- setting the cookie for the correct path, and not having it on root;
- correctly removing the cookie on first login.
<!DOCTYPE html>
<html lang="<%= html_lang %>" class="<%= html_classes %>">
<%# Document head of the application layout. %>
<%# Values written with ERB output tags land directly in attribute values and element text, so this markup relies on the framework's output escaping. %>
<%# NOTE(review): confirm none of the helpers used below return html_safe strings built from user-controlled input. %>
<meta charset="utf-8">
<%# Title: the :title content block when a view supplied one, otherwise the site title setting. %>
<title><%= content_for?(:title) ? yield(:title) : SiteSetting.title %></title>
<%# Description: the per-page @description_meta when set, otherwise the site description setting. %>
<meta name="description" content="<%= @description_meta || SiteSetting.site_description %>">
<%# Theme ids joined with commas; the safe-navigation call leaves the content empty when theme_ids is nil. %>
<meta name="discourse_theme_ids" content="<%= theme_ids&.join(",") %>">
<meta name="discourse_current_homepage" content="<%= current_homepage %>">
<%= render partial: "layouts/head" %>
<%# Presumably emits the CSRF token meta tags; the helper is defined outside this file - confirm. %>
<%= discourse_csrf_tags %>
<%# Fragment meta tag, emitted only when the enable_escaped_fragments setting is on. %>
<%- if SiteSetting.enable_escaped_fragments? %>
<meta name="fragment" content="!">
<%- end %>
<%# NOTE(review): the shared session key is written into the DOM, where any script running on the page can read it - confirm that exposure is intended for theme and plugin JavaScript as well. %>
<%- if shared_session_key %>
<meta name="shared_session_key" content="<%= shared_session_key %>">
<%- end %>
<%# Plugin-provided markup for the 'server:before-script-load' outlet, placed ahead of every script below. %>
<%= build_plugin_html 'server:before-script-load' %>
<%# Locale bundle for the active I18n locale. %>
<%= preload_script "locales/#{I18n.locale}" %>
<%# Client-side translation overrides are requested only when some exist. %>
<%- if ExtraLocalesController.client_overrides_exist? %>
<%= preload_script_url ExtraLocalesController.url('overrides') %>
<%- end %>
<%# Core bundles, emitted in the order listed here. %>
<%= preload_script "ember_jquery" %>
<%= preload_script "preload-store" %>
<%= preload_script "vendor" %>
<%= preload_script "pretty-text-bundle" %>
<%= preload_script "application" %>
<%# Plugin JavaScript: official and unofficial plugins are included according to the allow_plugins? and allow_third_party_plugins? checks. %>
<%- Discourse.find_plugin_js_assets(include_official: allow_plugins?, include_unofficial: allow_third_party_plugins?, request: request).each do |file| %>
<%= preload_script file %>
<%- end %>
<%# Admin locale and admin bundle are emitted for staff only. %>
<%# NOTE(review): this only decides which bundles are sent to the browser; it is not an access check, so the admin endpoints presumably enforce authorization themselves - confirm. %>
<%- if staff? %>
<%= preload_script_url ExtraLocalesController.url('admin') %>
<%= preload_script "admin" %>
<%- end %>
<%# Theme translations, theme JavaScript and the theme "head_tag" field are skipped when customization is disabled. %>
<%# NOTE(review): theme fields are presumably admin-authored markup emitted as-is - confirm who is allowed to edit them. %>
<%- unless customization_disabled? %>
<%= theme_translations_lookup %>
<%= theme_js_lookup %>
<%= theme_lookup("head_tag") %>
<%- end %>
<%# Analytics snippets; what they emit is decided by helpers defined outside this file. %>
<%= render_google_tag_manager_head_code %>
<%= render_google_universal_analytics_code %>
<%# Web app manifest under the site's base URI; crossorigin="use-credentials" makes the browser send credentials with the manifest request. %>
<link rel="manifest" href="<%= Discourse.base_uri %>/manifest.webmanifest" crossorigin="use-credentials">
<%# App banner meta for the iOS app, only when include_ios_native_app_banner? is true. %>
<%- if include_ios_native_app_banner? %>
<meta name="apple-itunes-app" content="app-id=<%= SiteSetting.ios_app_id %><%= ios_app_argument %>">
<%- end %>
<%# Stylesheets, then view-supplied :head content, then plugin markup for the 'server:before-head-close' outlet. %>
<%= render partial: "common/discourse_stylesheet" %>
<%= yield :head %>
<%= build_plugin_html 'server:before-head-close' %>
<%# Client bootstrap settings, exposed as data attributes on a meta element. %>
<%= tag.meta id: 'data-discourse-setup', data: client_side_setup_data %>
<%# Hand-off of the authentication_data cookie to the client: the value returned by cookies.delete is assigned to data. %>
<%# cookies.delete is evaluated first in the condition, so the cookie is cleared on this response even when a user is already signed in; the meta tag itself is rendered only when there is no current_user. %>
<%# The delete is scoped to Discourse.base_uri. NOTE(review): a browser only drops a cookie when the delete carries the same path it was set with - confirm the code that sets authentication_data uses this path, including when base_uri is empty. %>
<%# The value comes from a request cookie, so treat it as client-controlled: it must stay escaped in this attribute and be validated by whatever reads it. %>
<%- if (data = cookies.delete(:authentication_data, path: Discourse.base_uri)) && !current_user %>
<meta id="data-authentication" data-authentication-data="<%= data %>">
<%- end %>
<body class="<%= body_classes %>">
<%= render_google_tag_manager_body_code %>
<%# Fallback content for clients without JavaScript. %>
<%# data-path carries the request's PATH_INFO, which is request-controlled; it relies on output escaping to stay inside the attribute. %>
<noscript data-path="<%= request.env['PATH_INFO'] %>">
<%= render partial: 'header' %>
<div id="main-outlet" class="wrap">
<%# The two HTML comments below delimit the server-rendered view content. %>
<!-- preload-content: -->
<%= yield %>
<!-- :preload-content -->
<%# Static navigation links; every target goes through the path helper. %>
<nav itemscope itemtype='http://schema.org/SiteNavigationElement'>
<a href='<%= path "/" %>'><%= t 'home_title' %></a>
<%= link_to t('js.filters.categories.title'), path("/categories") %>
<%= link_to t('guidelines_topic.title'), path("/guidelines") %>
<%= link_to t('tos_topic.title'), path("/tos") %>
<%= link_to t('privacy_topic.title'), path("/privacy") %>
<footer id='noscript-footer'>
<%# NOTE(review): the key ends in _html, which under Rails translation-helper conventions is emitted without escaping - keep that locale string free of user-controlled content; confirm the helper is not overridden. %>
<p style="text-align:center;"><%= t 'powered_by_html' %></p>
<%# Theme "header" field and plugin markup for the 'server:header' outlet, skipped when customization is disabled. %>
<%- unless customization_disabled? %>
<%= theme_lookup("header") %>
<%= build_plugin_html 'server:header' %>
<%- end %>
<section id='main'>
<div id='offscreen-content'>
<%# Hidden login form, rendered only when there is no current_user; it posts username, password and a redirect field to the login path. %>
<%# NOTE(review): no authenticity token field is visible inside this form - confirm how the login endpoint validates the CSRF token and how it constrains the redirect value. %>
<% unless current_user %>
<form id='hidden-login-form' method="post" action="<%=main_app.login_path%>" style="display: none;">
<input name="username" type="text" id="signin_username">
<input name="password" type="password" id="signin_password">
<input name="redirect" type="hidden">
<input type="submit" id="signin-button" value="<%= t 'log_in' %>">
<% end %>
<%# Preloaded application data travels in a data attribute. %>
<%# NOTE(review): the payload presumably includes user-generated content, so it depends on output escaping to stay inside the attribute - confirm preloaded_json is never marked html_safe. %>
<div class="hidden" id="data-preloaded" data-preloaded="<%= preloaded_json %>"></div>
<%= preload_script "preload-application-data" %>
<%# View-supplied :data content, then the browser-update script. %>
<%= yield :data %>
<%= preload_script 'browser-update' %>
<%# Theme "body_tag" field, skipped when customization is disabled. %>
<%- unless customization_disabled? %>
<%= theme_lookup("body_tag") %>
<%- end %>
<%# Plugin markup for the 'server:before-body-close' outlet. %>
<%= build_plugin_html 'server:before-body-close' %>