NuKVM/xen-orchestra
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Only use absolute paths in redirects to ease reverse proxies.

Browse Source
This commit is contained in:
Julien Fontanet 2015-11-05 15:50:06 +01:00
parent 712319974b
commit ca5e10784b
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/index.js
View File

@ -145,9 +145,6 @@ async function setUpPassport (express, xo) {
const SIGNIN_STRATEGY_RE = /^\/signin\/([^/]+)(\/callback)?(:?\?.*)?$/ const SIGNIN_STRATEGY_RE = /^\/signin\/([^/]+)(\/callback)?(:?\?.*)?$/
express.use(async (req, res, next) => { express.use(async (req, res, next) => {
// A relative path is needed to avoid breaking reverse proxies.
const basePath = posixPath.relative(req.path, '/')
const matches = req.url.match(SIGNIN_STRATEGY_RE) const matches = req.url.match(SIGNIN_STRATEGY_RE)
if (matches) { if (matches) {
@ -158,7 +155,7 @@ async function setUpPassport (express, xo) {
if (!user) { if (!user) {
req.flash('error', info ? info.message : 'Invalid credentials') req.flash('error', info ? info.message : 'Invalid credentials')
return res.redirect(`${basePath}/signin`) return res.redirect('/signin')
} }
// The cookie will be set in via the next request because some // The cookie will be set in via the next request because some
@ -174,7 +171,7 @@ async function setUpPassport (express, xo) {
matches[1] === 'local' && req.body['remember-me'] === 'on' matches[1] === 'local' && req.body['remember-me'] === 'on'
) )
res.redirect(basePath) res.redirect('/')
})(req, res, next) })(req, res, next)
} }
@ -197,7 +194,7 @@ async function setUpPassport (express, xo) {
} else if (/favicon|fontawesome|images|styles/.test(req.url)) { } else if (/favicon|fontawesome|images|styles/.test(req.url)) {
next() next()
} else { } else {
return res.redirect(`${basePath}/signin`) return res.redirect('/signin')
} }
}) })