This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.

David Taylor 7a52ce0d6d FIX: Strip discourse-logged-in header during force_anonymous! (#14533) ... When the anonymous cache forces users into anonymous mode, it strips the cookies from their request. However, the discourse-logged-in header from the JS client remained. When the discourse-logged-in header is present without any valid auth_token, the current_user_provider [marks the request as ['logged out'](dbbfad7ed0/lib/auth/default_current_user_provider.rb (L125-L125)), and a [discourse-logged-out header is returned to the client](dbbfad7ed0/lib/middleware/request_tracker.rb (L209-L211)). This causes the JS app to [popup a "you were logged out" modal](dbbfad7ed0/app/assets/javascripts/discourse/app/components/d-document.js (L29-L29)), which is very disruptive. This commit strips the discourse-logged-in header from the request at the same time as the auth cookie.		2021-10-07 12:31:42 +01:00
..
anonymous_cache.rb	FIX: Strip discourse-logged-in header during force_anonymous! (#14533)	2021-10-07 12:31:42 +01:00
discourse_public_exceptions.rb	FIX: avoid superflous logging when mime type is bad	2020-01-02 12:34:38 +11:00
enforce_hostname.rb	DEV: Correct typos and spelling mistakes (#12812)	2021-05-21 11:43:47 +10:00
missing_avatars.rb	DEV: enable frozen string literal on all files	2019-05-13 09:31:32 +08:00
omniauth_bypass_middleware.rb	FIX: Redirect to provided origin after auth (#12558)	2021-03-31 10:23:12 +01:00
request_tracker.rb	FEATURE: Rate limit exceptions via ENV (#14033)	2021-08-13 12:00:23 -03:00
turbo_dev.rb	Add rubocop to our build. (#5004)	2017-07-28 10:20:09 +09:00