IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: StaticController#enter should not redirect to invalid paths (#27913)

Browse Source 
This commit updates `StaticController#enter` to not redirect to invalid
paths when the `redirect` param is set. Instead it should redirect to `/` when the
`redirect` param is invalid.
This commit is contained in:
Alan Guo Xiang Tan
2024-07-15 14:39:37 +08:00
committed by GitHub
parent 5f4dc1042e
commit a3d319ac2f
2 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
spec/requests/static_controller_spec.rb
View File

@@ -290,7 +290,7 @@ RSpec.describe StaticController do
end
end
context "with a full url to someone else" do
context "with a full url to an external host" do
it "redirects to the root path" do
post "/login.json", params: { redirect: "http://eviltrout.com/foo" }
expect(response).to redirect_to("/")
@@ -320,6 +320,13 @@ RSpec.describe StaticController do
expect(response).to redirect_to("/")
end
end
context "when the redirect path is invalid" do
it "redirects to the root URL" do
post "/login.json", params: { redirect: "test" }
expect(response).to redirect_to("/")
end
end
end
describe "#service_worker_asset" do