public resources should not set redirect_to cookie
#11088
Labels
Comments
silverwind
changed the title
public resources should not redirect to /user/loginpublic resources should not cause redirect_to cookie to be set
silverwind
changed the title
public resources should not cause redirect_to cookie to be setpublic resources should not cause redirect_to cookie to be set
silverwind
changed the title
public resources should not cause redirect_to cookie to be setpublic resources should not set redirect_to cookie
silverwind
added a commit
to silverwind/gitea
that referenced
this issue
Apr 16, 2020
Workaround for go-gitea#11088, was introduced in go-gitea@561e7a9.
|
Fixed in #11091 |
|
No, not fixed, it's just a workaround. Proper fix will be in the router, I plan to look into it. |
silverwind
added a commit
to silverwind/gitea
that referenced
this issue
Apr 17, 2020
Instead of further handling requests to `public` which causes issues like go-gitea#11088, immediately terminate requests to directories `js`, `css`, `fomantic` if no file is found which is checked against a hardcoded list. Maybe there is a way to retrieve the top-level entries below `public` in a dynamic fashion. I also added `fomantic` to the reserved usernames and sorted the list. Fixes: go-gitea#11088
zeripath
pushed a commit
that referenced
this issue
Apr 18, 2020
Instead of further handling requests to public which causes issues like #11088, immediately terminate requests to directories js, css, fomantic if no file is found which is checked against a hardcoded list. Maybe there is a way to retrieve the top-level entries below public in a dynamic fashion. I also added fomantic to the reserved usernames and sorted the list. Fixes: #11088
ydelafollye
pushed a commit
to ydelafollye/gitea
that referenced
this issue
Jul 31, 2020
Instead of further handling requests to public which causes issues like go-gitea#11088, immediately terminate requests to directories js, css, fomantic if no file is found which is checked against a hardcoded list. Maybe there is a way to retrieve the top-level entries below public in a dynamic fashion. I also added fomantic to the reserved usernames and sorted the list. Fixes: go-gitea#11088
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
/js/userheatmap.jsis currently requested by the serviceworker which is a bug in itself but the request causes a bad cookie to be set when authentication is enabled:The next time the user logs in with that cookie set, they will be redirected to /js/userheatmap.js which causes a page loading error. We should just 404 any requests that would be routed to a file in
public, or at least the js/css/img/vendor folders.The text was updated successfully, but these errors were encountered: