Skip to content
Permalink
Browse files

Issue #9040 - Auth saving json in Auth.redirect

AuthComponent is storing JSON or any other AJAX request URL into the session variable Auth.redirect used for login redirect if the AJAX request does not send the X-Requested-With:XMLHttpRequest header.

If you send an ajax request without that header and your request is not a (.json) it will store the URL anyway.
  • Loading branch information...
gestudio committed Jun 27, 2016
1 parent 92a50d0 commit 2c112095a94706f0a438478fe714908f67786228
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/Cake/Controller/Component/AuthComponent.php
@@ -359,7 +359,7 @@ protected function _unauthenticated(Controller $controller) {
return true;
}
if (!$controller->request->is('ajax')) {
if (!$controller->request->is('ajax') && !$controller->request->is('json')) {
$this->flash($this->authError);
$this->Session->write('Auth.redirect', $controller->request->here(false));
$controller->redirect($this->loginAction);

0 comments on commit 2c11209

Please sign in to comment.
You can’t perform that action at this time.