mirror of
https://github.com/discourse/discourse.git
synced 2025-01-18 20:52:46 +08:00
FIX: Strip discourse-logged-in
header during force_anonymous!
(#14533)
When the anonymous cache forces users into anonymous mode, it strips the cookies from their request. However, the discourse-logged-in header from the JS client remained. When the discourse-logged-in header is present without any valid auth_token, the current_user_provider [marks the request as ['logged out'](dbbfad7ed0/lib/auth/default_current_user_provider.rb (L125-L125)
), and a [discourse-logged-out header is returned to the client](dbbfad7ed0/lib/middleware/request_tracker.rb (L209-L211)
). This causes the JS app to [popup a "you were logged out" modal](dbbfad7ed0/app/assets/javascripts/discourse/app/components/d-document.js (L29-L29)
), which is very disruptive. This commit strips the discourse-logged-in header from the request at the same time as the auth cookie.
This commit is contained in:
parent
8a377130f4
commit
7a52ce0d6d
|
@ -171,6 +171,7 @@ module Middleware
|
|||
def force_anonymous!
|
||||
@env[Auth::DefaultCurrentUserProvider::USER_API_KEY] = nil
|
||||
@env['HTTP_COOKIE'] = nil
|
||||
@env['HTTP_DISCOURSE_LOGGED_IN'] = nil
|
||||
@env['rack.request.cookie.hash'] = {}
|
||||
@env['rack.request.cookie.string'] = ''
|
||||
@env['_bypass_cache'] = nil
|
||||
|
|
|
@ -186,7 +186,7 @@ describe Middleware::AnonymousCache do
|
|||
|
||||
app = Middleware::AnonymousCache.new(
|
||||
lambda do |env|
|
||||
is_anon = env["HTTP_COOKIE"].nil?
|
||||
is_anon = env["HTTP_COOKIE"].nil? && env["HTTP_DISCOURSE_LOGGED_IN"].nil?
|
||||
[200, {}, ["ok"]]
|
||||
end
|
||||
)
|
||||
|
@ -196,6 +196,7 @@ describe Middleware::AnonymousCache do
|
|||
|
||||
env = {
|
||||
"HTTP_COOKIE" => "_t=#{SecureRandom.hex}",
|
||||
"HTTP_DISCOURSE_LOGGED_IN" => "true",
|
||||
"HOST" => "site.com",
|
||||
"REQUEST_METHOD" => "GET",
|
||||
"REQUEST_URI" => "/somewhere/rainbow",
|
||||
|
|
Loading…
Reference in New Issue
Block a user