github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-22 19:46:55 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
68708db721
discourse/app
History
Dan Ungureanu 34a76bf106 FIX: Do not set destination_url cookie after deleting own account. (#8028) 
destination_url cookie is used to redirect the user to the a private
page after they have logged in. After deleting own account, a user's
pages would be refreshed which would set the destination_url, cookie
that can cause a redirect to an invalid page after logging in again.

Reproduction steps:

1. User is at `/u/:username/preferences/account` and deletes account by
requesting DELETE `/u/:username.json`.

2. User is being destroyed and a MessageBus message (`file-change`,
`['refresh']`) is published.

3. User receives response to DELETE request, but page may be or not
refreshed. Anyway, since they can no longer see the preferences page,
they are redirected to `/login` and `destination_url` cookie is set,
that will redirect on next login (but to the previous preferences page).
2019-08-22 17:42:45 +02:00
..
assets prettier (#8031) 2019-08-22 15:27:45 +02:00
controllers FIX: Allow topic edits when using a hidden tag 2019-08-21 16:33:01 -04:00
helpers SECURITY: add rate limiting to anon JS error reporting 2019-08-20 11:29:11 +10:00
jobs FIX: Don't try to delete staged, unused admins and mods 2019-08-21 15:29:51 +02:00
mailers FEATURE: customization of html emails (#7934) 2019-07-30 15:05:08 -04:00
models FIX: Regularly reset unknown extension of uploads 2019-08-21 10:23:20 +02:00
serializers Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)" 2019-08-20 13:29:22 -03:00
services FIX: Do not set destination_url cookie after deleting own account. (#8028) 2019-08-22 17:42:45 +02:00
views FIX: properly load desktop and mobile only plugin css assets. 2019-08-22 08:39:10 +05:30