author Stan Hu <stanhu@gmail.com> 2015-08-26 07:38:33 -0700
committer Stan Hu <stanhu@gmail.com> 2015-08-26 07:38:33 -0700
commit c1fe98e0b9dbe40d564dc5ddad23e14dd0e6e462
tree 8267abbf8091f45cb6eb901182fc73d64acd7a3f
parent 068dcefc8645c6abbcf1b7f6fa23ea49e526c501
Prevent too many redirects error when home page URL set to external_url

Many users naively set the home page URL setting to external_url (e.g. https://mydomain.com). When an unauthenticated user signs in, this causes endless redirections. For example, this is occurring:

1. Unauthenticated user attempts to access https://mydomain.com/dashboard
2. Application redirects to the home page URL: https://mydomain.com
3. Repeat step 2

In step 3, ApplicationController should have redirected the user to https://mydomain.com/users/sign_in. Disabling the redirection if home page URL is the same as external_url prevents users from messing up.

Closes https://github.com/gitlabhq/gitlabhq/issues/8843
Closes #2057
-rw-r--r-- CHANGELOG 1
-rw-r--r-- app/controllers/application_controller.rb 4
2 files changed, 4 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index a93558fb10d..92793b6be24 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
Please view this file on the master branch, on stable branches it's out of date.
v 8.0.0 (unreleased)
+ - Prevent too many redirects upon login when home page URL is set to external_url (Stan Hu)
- Improve dropdown positioning on the project home page (Hannes Rosenögger)
- Upgrade browser gem to 1.0.0 to avoid warning in IE11 compatibilty mode (Stan Hu)
- Fix "Reload with full diff" URL button in compare branch view (Stan Hu)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 12d439b0b31..ef1170e16da 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -55,7 +55,9 @@ class ApplicationController < ActionController::Base
def authenticate_user!(*args)
# If user is not signed-in and tries to access root_path - redirect him to landing page
- if current_application_settings.home_page_url.present?
+ # Don't redirect to the default URL to prevent endless redirections
+ if current_application_settings.home_page_url.present? &&
+ current_application_settings.home_page_url.chomp('/') != Gitlab.config.gitlab['url'].chomp('/')
if current_user.nil? && root_path == request.path
redirect_to current_application_settings.home_page_url and return
end
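Review bot: The new guard in authenticate_user! compares the two URLs as raw strings after `chomp('/')`, so it only catches values that differ by a single trailing slash; a home page URL that differs from `Gitlab.config.gitlab['url']` in host case, by an explicit default port, or by more than one trailing slash still passes the `!=` test and redirects back to the same site. Consider parsing both values with URI and comparing the normalized scheme, host, port and path instead of the strings. The diffstat lists only CHANGELOG and the controller, so a controller spec covering both the equal-URL case and a genuinely external home page URL should accompany this change.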