Make permission denied redirects host relative.

This helps fix infinite redirect loops when HTTP_X_FORWARDED_HOST is
set, and fixes redirects back to external domains on authentication
errors.

Fixes #3207
1 parent d33f676 commit 0282194c205816309dacbbd8fe562ebc10eaf143 @markstory markstory committed Sep 14, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/Cake/Controller/Component/AuthComponent.php
@@ -332,7 +332,7 @@ public function startup(Controller $controller) {
if (!empty($this->loginRedirect)) {
$default = $this->loginRedirect;
}
- $controller->redirect($controller->referer($default), null, true);
+ $controller->redirect($controller->referer($default, true), null, true);
return false;
}
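
Review bot: The bare `true` added to `$controller->referer($default, true)` carries the whole fix, but nothing at the call site says why it is there. Add a short comment stating that the referer is deliberately limited to a host-relative URL, so a later cleanup does not drop the argument and reintroduce the redirect to external domains described in the commit message. The commit also touches only this one line in AuthComponent.php, so nothing pins the behaviour. Please add test cases for a permission-denied request whose Referer points at another domain and for one with HTTP_X_FORWARDED_HOST set, asserting that the redirect target stays on the application's own host and that the `$default` / `loginRedirect` fallback is still used when the referer is rejected.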
