feat(auth/session_controller): Send Clear-Site-Data when logging out (#8627)
Will clear the browser's cache, cookies and storage. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data https://w3c.github.io/webappsec-clear-site-data/gh/stable
parent
0c5db3163a
commit
10680f93e7
|
@ -10,6 +10,7 @@ class Auth::SessionsController < Devise::SessionsController
|
||||||
prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
|
prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
|
||||||
before_action :set_instance_presenter, only: [:new]
|
before_action :set_instance_presenter, only: [:new]
|
||||||
before_action :set_body_classes
|
before_action :set_body_classes
|
||||||
|
after_action :clear_site_data, only: [:destroy]
|
||||||
|
|
||||||
def new
|
def new
|
||||||
Devise.omniauth_configs.each do |provider, config|
|
Devise.omniauth_configs.each do |provider, config|
|
||||||
|
@ -121,4 +122,10 @@ class Auth::SessionsController < Devise::SessionsController
|
||||||
end
|
end
|
||||||
paths
|
paths
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def clear_site_data
|
||||||
|
# Should be '"*"' but that doen't work in Chrome (neither does '"executionContexts"')
|
||||||
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data
|
||||||
|
response.headers['Clear-Site-Data'] = '"cache", "cookies", "storage"'
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
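Review bot: The comment above `response.headers['Clear-Site-Data']` in `clear_site_data` records the Chrome workaround but not the reach of the `"cookies"` directive, which per the linked documentation applies to the whole registrable domain, subdomains included. Logging out may therefore also drop cookies belonging to other services hosted on the same domain as the instance. I would add `# NOTE: "cookies" clears the whole registrable domain (subdomains too); browsers honour this header only on HTTPS responses and some ignore it, so it supplements the server-side sign-out rather than replacing it.` The server-side session teardown is presumably done by Devise's `destroy`, which lies outside the hunks shown, so it is worth confirming that logout does not rely on this header. In the same comment, `doen't` should read `doesn't`.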