Skip to content

v0.26.3

Choose a tag to compare

@github-actions github-actions released this 15 Jun 05:41
097252b

Fixed

  • Unauthenticated access to a protected web page no longer 500s. The web
    authentication guard (require_browser_session!) raises
    NotAuthenticatedError / InvalidSessionError (for missing / expired /
    revoked sessions) rather than redirecting. The API base controller rescued
    these, but the web base controller did not — so an unauthenticated request to
    a protected web page (e.g. /sessions) surfaced as a 500 instead of bouncing
    to login. The web base controller now rescues both and redirects to the login
    page, preserving the original destination.