From 5d7d54d07694f694b88e1523e7b7f686b134f299 Mon Sep 17 00:00:00 2001
From: Kristina <kristina.durivage@grafana.com>
Date: Fri, 21 Oct 2022 09:53:17 -0500
Subject: [PATCH] Auth: Write the redirect cookie if denied - do not write a
 blank redirect (#57381)

* Write the redirect cookie if denied - do not write a blank redirect

* Remove redundant code, reverse polarity
---
 pkg/middleware/auth.go                   | 5 ++++-
 pkg/services/accesscontrol/middleware.go | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/middleware/auth.go b/pkg/middleware/auth.go
index 210ad993079..7ab6274bc4c 100644
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@@ -64,9 +64,12 @@ func writeRedirectCookie(c *models.ReqContext) {
 		redirectTo = setting.AppSubUrl + c.Req.RequestURI
 	}
 
+	if redirectTo == "/" {
+		return
+	}
+
 	// remove any forceLogin=true params
 	redirectTo = removeForceLoginParams(redirectTo)
-
 	cookies.WriteCookie(c.Resp, "redirect_to", url.QueryEscape(redirectTo), 0, nil)
 }
 
diff --git a/pkg/services/accesscontrol/middleware.go b/pkg/services/accesscontrol/middleware.go
index db11d0c2038..c0d3868e266 100644
--- a/pkg/services/accesscontrol/middleware.go
+++ b/pkg/services/accesscontrol/middleware.go
@@ -84,6 +84,7 @@ func deny(c *models.ReqContext, evaluator Evaluator, err error) {
 
 	if !c.IsApiRequest() {
 		// TODO(emil): I'd like to show a message after this redirect, not sure how that can be done?
+		writeRedirectCookie(c)
 		c.Redirect(setting.AppSubUrl + "/")
 		return
 	}