Change redirect after login form submit #944
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Use uri_for on redirect URI only if no params are attached.
(This problem only happens when submitting the login form! Prior redirects to shibboleth instances for example are exempt from this, because they don't submit the login form.)
When redirecting to a URL that has parameters attached, the sub
uri_for
does not recognize these parameters as such. The sub expects parameters to be given separately from the base URI.Instead, in this case, the full URL is used as $path (expecting a clean URL path). This results in undecoded questionmarks in the actual redirect URI and the user lands on a 404 page.
Example:
Requested URL is
http://localhost:5001/librecat/search/admin?sort=author.asc
User gets to the login form, logs in.
The redirect, however, will lead to:
http://localhost:5001/librecat/search/admin%3Fsort=author.asc