authorJacob Vosmaer <contact@jacobvosmaer.nl>2014-07-25 18:30:25 +0200
committerJacob Vosmaer <contact@jacobvosmaer.nl>2014-07-28 16:41:37 +0200
commit3a6f9c093e40020c63e2c78664d5c726eef09498 (patch)
treefe8739e17c2e048c1b0a17466afb8a9ec75ef65d /app/controllers/sessions_controller.rb
parent5a89b610286896d3fc647e66fd9d559465a74f6b (diff)
Only redirect to referrer from public GitLab pages
Diffstat (limited to 'app/controllers/sessions_controller.rb')
-rw-r--r--app/controllers/sessions_controller.rb8
1 files changed, 6 insertions, 2 deletions
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index f7d5ca08c05..1bdba75c5e7 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,7 +1,7 @@
class SessionsController < Devise::SessionsController
def new
- redirect_url = if request.referer.present?
+ redirect_path = if request.referer.present? && (params['redirect_to_referer'] == 'yes')
referer_uri = URI(request.referer)
if referer_uri.host == Gitlab.config.gitlab.host
referer_uri.path
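Review bot: `URI(request.referer)`, reached whenever the new condition passes, parses a header the client controls and raises `URI::InvalidURIError` on a malformed value, so a bad Referer sent with `redirect_to_referer=yes` would surface as an error on the sign-in page unless something outside the hunk rescues it. Rescuing that error and falling back to the value used when no referer is present would keep the page reachable. Because `params['redirect_to_referer']` is just as client-supplied, the comparison with `Gitlab.config.gitlab.host` remains the only real guard, which deserves a comment such as `# redirect_to_referer is a hint from our own links, not a trust decision; the host check below limits the target`. Only `referer_uri.path` is kept, and a path beginning with `//` would read as protocol-relative if a later redirect used it verbatim, so confirm that `store_location_for` normalises leading slashes. The `if`/`else` expression continues outside this hunk.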
@@ -12,7 +12,11 @@ class SessionsController < Devise::SessionsController
request.fullpath
end
- store_location_for(:redirect, redirect_url)
+ # Prevent a 'you are already signed in' message directly after signing:
+ # we should never redirect to '/users/sign_in' after signing in successfully.
+ unless redirect_path == '/users/sign_in'
+ store_location_for(:redirect, redirect_path)
+ end
super
end
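Review bot: The guard `unless redirect_path == '/users/sign_in'` is an exact string match, but the fallback value shown just above the change is `request.fullpath`, which includes the query string. As far as the visible lines show, a request to `/users/sign_in?redirect_to_referer=yes` that ends up in that fallback branch would still store the sign-in page and produce the 'already signed in' message. Comparing only the path component, and against the route helper rather than a literal, would also cover installs under a relative URL root, e.g. `unless redirect_path.to_s.split('?').first == new_user_session_path` (helper name assumed from the Devise `users` routes). The start of the `if` expression that assigns `redirect_path` lies outside this hunk.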