mirror of
https://github.com/discourse/discourse.git
synced 2024-11-26 10:55:54 +08:00
FIX: Do not set destination_url cookie after deleting own account. (#8028)
destination_url cookie is used to redirect the user to a private page after they have logged in. After deleting own account, a user's pages would be refreshed, which would set the destination_url cookie, which can cause a redirect to an invalid page after logging in again.

Reproduction steps:

1. User is at `/u/:username/preferences/account` and deletes account by requesting DELETE `/u/:username.json`.
2. User is being destroyed and a MessageBus message (`file-change`, `['refresh']`) is published.
3. User receives response to DELETE request, but page may or may not be refreshed. Anyway, since they can no longer see the preferences page, they are redirected to `/login` and the `destination_url` cookie is set, which will redirect on next login (but to the previous preferences page).
This commit is contained in:
parent
e94f67e2da
commit
34a76bf106
|
@ -111,7 +111,7 @@ class UserDestroyer
|
||||||
end
|
end
|
||||||
StaffActionLogger.new(deleted_by).log_user_deletion(user, opts.slice(:context))
|
StaffActionLogger.new(deleted_by).log_user_deletion(user, opts.slice(:context))
|
||||||
end
|
end
|
||||||
MessageBus.publish "/file-change", ["refresh"], user_ids: [result.id]
|
MessageBus.publish "/logout", result.id, user_ids: [result.id]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
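Review bot: The new publish after `log_user_deletion` (`MessageBus.publish "/logout", result.id, user_ids: [result.id]`) carries no comment and no spec in this hunk, so the reason for moving from `/file-change` to `/logout` lives only in the commit message. Consider a one-line comment above it stating that a refresh sends the deleted user to `/login` and sets the `destination_url` cookie, plus a spec asserting that deleting a user publishes on `/logout` with the deleted user's id and publishes nothing on `/file-change`. It is also worth confirming the fix does not depend solely on the client receiving this message: a tab that misses it would still reach `/login` by the old path, and nothing in the visible lines clears or ignores `destination_url` on the server side.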