Commit 746b7e2d authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'only_redirect_to_referer_from_public' into 'master'

Only redirect to referrer from public GitLab pages

See merge request !995
parents 00c67238 3a6f9c09
class SessionsController < Devise::SessionsController class SessionsController < Devise::SessionsController
def new def new
redirect_url = if request.referer.present? redirect_path = if request.referer.present? && (params['redirect_to_referer'] == 'yes')
referer_uri = URI(request.referer) referer_uri = URI(request.referer)
if referer_uri.host == Gitlab.config.gitlab.host if referer_uri.host == Gitlab.config.gitlab.host
referer_uri.path referer_uri.path
...@@ -12,7 +12,11 @@ class SessionsController < Devise::SessionsController ...@@ -12,7 +12,11 @@ class SessionsController < Devise::SessionsController
request.fullpath request.fullpath
end end
store_location_for(:redirect, redirect_url) # Prevent a 'you are already signed in' message directly after signing:
# we should never redirect to '/users/sign_in' after signing in successfully.
unless redirect_path == '/users/sign_in'
store_location_for(:redirect, redirect_path)
end
super super
end end
......
...@@ -13,10 +13,10 @@ ...@@ -13,10 +13,10 @@
%i.icon-reorder %i.icon-reorder
.pull-right.hidden-xs .pull-right.hidden-xs
= link_to "Sign in", new_session_path(:user), class: 'btn btn-sign-in btn-new' = link_to "Sign in", new_session_path(:user, redirect_to_referer: 'yes'), class: 'btn btn-sign-in btn-new'
.navbar-collapse.collapse .navbar-collapse.collapse
%ul.nav.navbar-nav %ul.nav.navbar-nav
%li.visible-xs %li.visible-xs
= link_to "Sign in", new_session_path(:user) = link_to "Sign in", new_session_path(:user, redirect_to_referer: 'yes')
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment