Use relative paths for sign in (fix vatesfr/xo-web#361).

2015-09-10 14:45:35 +02:00 · 2015-09-10 14:45:35 +02:00 · 87553ac685
commit 87553ac685
parent 384f396bbb
2 changed files with 10 additions and 5 deletions
--- a/signin.jade
+++ b/signin.jade
@ -13,7 +13,7 @@ html
        .page-header
          img(src = 'images/logo_small.png')
          h2 Xen Orchestra
-          form.form-horizontal(action = '/signin/local' method = 'post')
+          form.form-horizontal(action = 'signin/local' method = 'post')
            fieldset
              legend.login
                h3 Sign in
@ -47,4 +47,4 @@ html
                    i.fa.fa-sign-in
                    |  Sign in
              each label, id in strategies
-                div: a(href = '/signin/' + id) Sign in with #{label}
+                div: a(href = 'signin/' + id) Sign in with #{label}
--- a/src/index.js
+++ b/src/index.js
@ -152,7 +152,7 @@ async function setUpPassport (express, xo) {

        if (!user) {
          req.flash('error', info ? info.message : 'Invalid credentials')
-          return res.redirect('/signin')
+          return res.redirect('signin')
        }

        // The cookie will be set in via the next request because some
@ -162,7 +162,12 @@ async function setUpPassport (express, xo) {
          (await xo.createAuthenticationToken({userId: user.id})).id
        )

-        res.redirect('/')
+        // A relative path is needed to avoid breaking reverse proxies.
+        res.redirect(
+          matches[2]
+            ? '../../'
+            : '../'
+        )
      })(req, res, next)
    }

@ -175,7 +180,7 @@ async function setUpPassport (express, xo) {
    } else if (/fontawesome|images|styles/.test(req.url)) {
      next()
    } else {
-      res.redirect('/signin')
+      res.redirect('signin')
    }
  })