author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-08-26 15:23:53 +0000 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-08-26 15:23:53 +0000 |
commit | fc66e1cc94076b1b43119b1ce24afb5cd5656c80 (patch) | |
tree | 1cf92748c2cccba6a5f7e5a307ffa75ec529edd4 | |
parent | 6c23fd389f5bd024e892876d593162e1a8995ad4 (diff) | |
parent | c1fe98e0b9dbe40d564dc5ddad23e14dd0e6e462 (diff) | |
download | gitlab-ce-fc66e1cc94076b1b43119b1ce24afb5cd5656c80.tar.gz |
Merge branch 'prevent-too-many-redirects-on-signin' into 'master'
Prevent too many redirects error when home page URL set to external_url
Many users naively set the home page URL setting to external_url
(e.g. https://mydomain.com). When an unauthenticated user signs in, this
causes endless redirections. For example, this is occurring:
1. Unauthenticated user attempts to access https://mydomain.com/dashboard
2. Application redirects to the home page URL: https://mydomain.com
3. Repeat step 2
In step 3, ApplicationController should have redirected the user to
https://mydomain.com/users/sign_in. Disabling the redirection if home
page URL is the same as external_url prevents users from messing up.
* Closes https://github.com/gitlabhq/gitlabhq/issues/8843
* Closes #2057
See merge request !1210
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 4 |
2 files changed, 4 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index 03b12ff1331..6c4da36529e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.0.0 (unreleased) + - Prevent too many redirects upon login when home page URL is set to external_url (Stan Hu) - Improve dropdown positioning on the project home page (Hannes Rosenögger) - Upgrade browser gem to 1.0.0 to avoid warning in IE11 compatibilty mode (Stan Hu) - Fix "Reload with full diff" URL button in compare branch view (Stan Hu) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 12d439b0b31..ef1170e16da 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -55,7 +55,9 @@ class ApplicationController < ActionController::Base def authenticate_user!(*args) # If user is not signed-in and tries to access root_path - redirect him to landing page - if current_application_settings.home_page_url.present? + # Don't redirect to the default URL to prevent endless redirections + if current_application_settings.home_page_url.present? && + current_application_settings.home_page_url.chomp('/') != Gitlab.config.gitlab['url'].chomp('/') if current_user.nil? && root_path == request.path redirect_to current_application_settings.home_page_url and return end |
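Review bot: The new condition in `authenticate_user!` compares the two URLs as plain strings after `chomp('/')`, so a home_page_url that differs from `Gitlab.config.gitlab['url']` only in scheme or host case, an explicit default port (for example `:443` on an https URL), or more than one trailing slash still passes the check and the endless redirect described in the commit message remains. Consider parsing both values with URI and comparing the normalised scheme, host, port and path, and moving that comparison into a small predicate method so the `if` stays on one readable line. The diffstat lists only CHANGELOG and the controller, so a controller spec that sets home_page_url to the external URL, with and without the trailing slash, and asserts that an unauthenticated request ends up at the sign-in page would keep this from regressing.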