Mercurial > hg > soundsoftware-site
changeset 237:4b1a23d81683 bug_83
When redirecting after login, if the current request URL is an https URL, ensure the back_url is too
author | Chris Cannam <chris.cannam@soundsoftware.ac.uk> |
---|---|
date | Fri, 18 Feb 2011 09:58:02 +0000 |
parents | 61f66ddb0b65 |
children | 83bf35c4f9d1 e124b1258c0b |
files | app/controllers/application_controller.rb |
diffstat | 1 files changed, 6 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/app/controllers/application_controller.rb Thu Feb 17 19:48:33 2011 +0000 +++ b/app/controllers/application_controller.rb Fri Feb 18 09:58:02 2011 +0000 @@ -263,6 +263,12 @@ uri = URI.parse(back_url) # do not redirect user to another host or to the login or register page if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)}) + # soundsoftware: if login page is https but back_url http, + # switch back_url to https to ensure cookie validity (#83) + if (uri.scheme == "http") && (URI.parse(request.url).scheme == "https") + uri.scheme = "https" + back_url = uri.to_s + end redirect_to(back_url) return end