You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
Fixed
Unauthenticated access to a protected web page no longer 500s. The web
authentication guard (require_browser_session!) raises NotAuthenticatedError / InvalidSessionError (for missing / expired /
revoked sessions) rather than redirecting. The API base controller rescued
these, but the web base controller did not — so an unauthenticated request to
a protected web page (e.g. /sessions) surfaced as a 500 instead of bouncing
to login. The web base controller now rescues both and redirects to the login
page, preserving the original destination.