Mercurial > hg > soundsoftware-site

changeset 237:4b1a23d81683 bug_83

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
When redirecting after login, if the current request URL is an https URL, ensure the back_url is too
author Chris Cannam <chris.cannam@soundsoftware.ac.uk>
date Fri, 18 Feb 2011 09:58:02 +0000
parents 61f66ddb0b65
children 83bf35c4f9d1 e124b1258c0b
files app/controllers/application_controller.rb
diffstat 1 files changed, 6 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/app/controllers/application_controller.rb	Thu Feb 17 19:48:33 2011 +0000
+++ b/app/controllers/application_controller.rb	Fri Feb 18 09:58:02 2011 +0000
@@ -263,6 +263,12 @@
         uri = URI.parse(back_url)
         # do not redirect user to another host or to the login or register page
         if (uri.relative? || (uri.host == request.host)) && !uri.path.match(%r{/(login|account/register)})
+          # soundsoftware: if login page is https but back_url http,
+          # switch back_url to https to ensure cookie validity (#83)
+          if (uri.scheme == "http") && (URI.parse(request.url).scheme == "https")
+            uri.scheme = "https"
+            back_url = uri.to_s
+          end
           redirect_to(back_url)
           return
         end