failure_app::recall doesn't take into account relative_url_root #3738

Closed
stanhu opened this issue Sep 5, 2015 · 0 comments

stanhu commented Sep 5, 2015

When a login failure occurs, Warden sends back a full path in attempted_path, but devise's failure_app assumes the path does not contain a relative URL root and assigns it to PATH_INFO:

    def recall
      env["PATH_INFO"]  = attempted_path
      flash.now[:alert] = i18n_message(:invalid) if is_flashing_format?
      self.response = recall_app(warden_options[:recall]).call(env)
    end

For example, suppose:

  1. relative_url_root = /base_app
  2. attempted_path = /base_app/resource
  3. In this case, PATH_INFO is assigned /base_app/resource.
  4. However, SessionController::store_redirect_path will call request.fullpath, which then makes the path /base_app/base_app/resource. Note the redundant base_app.

PATH_INFO should only contain the part of the path that excludes the relative URL root, since SCRIPT_NAME includes the relative URL part (see http://api.rubyonrails.org/classes/ActionDispatch/Routing/UrlFor.html for more details).
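
The path duplication reported above, reproduced as an added example that is not part of the original issue and is not Devise's code. It models Rack's rule that the request path is SCRIPT_NAME followed by PATH_INFO; the helper names and the starting PATH_INFO value are hypothetical, and the stripping helper is one possible approach, not the project's fix.

```ruby
# Plain-Ruby model of the Rack path split (no Rails, Warden or Devise needed).
# Rack rebuilds the request path as SCRIPT_NAME + PATH_INFO.
def fullpath(env)
  "#{env['SCRIPT_NAME']}#{env['PATH_INFO']}"
end

# Hypothetical helper: drop the relative URL root from a full path, but only
# when it matches whole leading segments ("/base_app" must not match "/base_app2").
def strip_relative_root(path, root)
  root = root.to_s.chomp("/")
  return path if root.empty?                      # app mounted at "/"
  return "/" if path == root                      # request for the root itself
  return path[root.length..-1] if path.start_with?("#{root}/")
  path                                            # already relative to the root
end

# Behaviour described in the issue: the full path goes straight into PATH_INFO.
def recall_env_as_reported(env, attempted_path)
  env.merge("PATH_INFO" => attempted_path)
end

# Root-aware variant: PATH_INFO holds only the part below SCRIPT_NAME.
def recall_env_root_aware(env, attempted_path)
  env.merge("PATH_INFO" => strip_relative_root(attempted_path, env["SCRIPT_NAME"]))
end

# Constructed sample environment. SCRIPT_NAME and the attempted path are the
# values from the issue; the initial PATH_INFO is an assumed sign-in route.
SAMPLE_ENV = { "SCRIPT_NAME" => "/base_app", "PATH_INFO" => "/users/sign_in" }.freeze
ATTEMPTED_PATH = "/base_app/resource"

if __FILE__ == $PROGRAM_NAME
  puts "as reported: #{fullpath(recall_env_as_reported(SAMPLE_ENV, ATTEMPTED_PATH))}"
  puts "root-aware:  #{fullpath(recall_env_root_aware(SAMPLE_ENV, ATTEMPTED_PATH))}"
end
```
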
