34a76bf106
destination_url cookie is used to redirect the user to the a private page after they have logged in. After deleting own account, a user's pages would be refreshed which would set the destination_url, cookie that can cause a redirect to an invalid page after logging in again. Reproduction steps: 1. User is at `/u/:username/preferences/account` and deletes account by requesting DELETE `/u/:username.json`. 2. User is being destroyed and a MessageBus message (`file-change`, `['refresh']`) is published. 3. User receives response to DELETE request, but page may be or not refreshed. Anyway, since they can no longer see the preferences page, they are redirected to `/login` and `destination_url` cookie is set, that will redirect on next login (but to the previous preferences page). |
||
|---|---|---|
| .. | ||
| spam_rule | ||
| anonymous_shadow_creator.rb | ||
| badge_granter.rb | ||
| color_scheme_revisor.rb | ||
| destroy_task.rb | ||
| email_style_updater.rb | ||
| group_action_logger.rb | ||
| group_mentions_updater.rb | ||
| group_message.rb | ||
| handle_chunk_upload.rb | ||
| heat_settings_updater.rb | ||
| inline_uploads.rb | ||
| notification_emailer.rb | ||
| post_action_notifier.rb | ||
| post_alerter.rb | ||
| post_owner_changer.rb | ||
| push_notification_pusher.rb | ||
| random_topic_selector.rb | ||
| search_indexer.rb | ||
| site_settings_task.rb | ||
| staff_action_logger.rb | ||
| themes_install_task.rb | ||
| topic_status_updater.rb | ||
| topic_timestamp_changer.rb | ||
| tracked_topics_updater.rb | ||
| trust_level_granter.rb | ||
| user_action_manager.rb | ||
| user_activator.rb | ||
| user_anonymizer.rb | ||
| user_authenticator.rb | ||
| user_destroyer.rb | ||
| user_merger.rb | ||
| user_notification_renderer.rb | ||
| user_silencer.rb | ||
| user_updater.rb | ||
| username_changer.rb | ||
| username_checker_service.rb | ||
| wildcard_domain_checker.rb | ||
| wildcard_url_checker.rb | ||
| word_watcher.rb | ||