Commit 3e0cc37e authored by Jacob Vosmaer's avatar Jacob Vosmaer Committed by Dmitriy Zaporozhets

Only redirect to referrer from public GitLab pages

parent 73acfe9c
class SessionsController < Devise::SessionsController
def new
redirect_url = if request.referer.present?
redirect_path = if request.referer.present? && (params['redirect_to_referer'] == 'yes')
referer_uri = URI(request.referer)
if referer_uri.host == Gitlab.config.gitlab.host
referer_uri.path
......@@ -12,7 +12,11 @@ class SessionsController < Devise::SessionsController
request.fullpath
end
store_location_for(:redirect, redirect_url)
# Prevent a 'you are already signed in' message directly after signing:
# we should never redirect to '/users/sign_in' after signing in successfully.
unless redirect_path == '/users/sign_in'
store_location_for(:redirect, redirect_path)
end
super
end
......
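Review bot: `URI(request.referer)` in `new` parses a client-supplied header and raises `URI::InvalidURIError` on a malformed value, so a bad Referer sent with `redirect_to_referer=yes` makes the sign-in page fail with an unhandled exception instead of falling back to `request.fullpath`. The referer path is also stored unnormalised. Whether `store_location_for` collapses a leading `//` depends on the Devise version, which is not visible here, so collapsing it before storing is a cheap guard against a protocol-relative redirect target. The middle of the `if`/`else` is collapsed on this page, so the sketch below assumes both fallback branches return `request.fullpath`. Keep the helper under `private` so it is not exposed as a controller action.

```ruby
def new
  redirect_path = referer_path_for_redirect || request.fullpath
  # … unchanged: '/users/sign_in' check, store_location_for, super …
end

# Path of the Referer when the sign-in link opted in and the Referer parses
# and names this GitLab host; nil otherwise.
def referer_path_for_redirect
  return unless request.referer.present? && params['redirect_to_referer'] == 'yes'

  referer_uri = URI(request.referer)
  return unless referer_uri.host == Gitlab.config.gitlab.host

  # Collapse leading slashes so the stored value is always a same-site path.
  referer_uri.path.sub(%r{\A/+}, '/')
rescue URI::InvalidURIError
  nil
end
```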
......@@ -13,10 +13,10 @@
%i.icon-reorder
.pull-right.hidden-xs
= link_to "Sign in", new_session_path(:user), class: 'btn btn-sign-in btn-new'
= link_to "Sign in", new_session_path(:user, redirect_to_referer: 'yes'), class: 'btn btn-sign-in btn-new'
.navbar-collapse.collapse
%ul.nav.navbar-nav
%li.visible-xs
= link_to "Sign in", new_session_path(:user)
= link_to "Sign in", new_session_path(:user, redirect_to_referer: 'yes')