Fix confirmation redirect to app without `Location` header (#18523)
parent
3e0e7a1cfb
commit
96129c2f10
|
@ -40,7 +40,7 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
|
||||||
|
|
||||||
def after_confirmation_path_for(_resource_name, user)
|
def after_confirmation_path_for(_resource_name, user)
|
||||||
if user.created_by_application && truthy_param?(:redirect_to_app)
|
if user.created_by_application && truthy_param?(:redirect_to_app)
|
||||||
user.created_by_application.redirect_uri
|
user.created_by_application.confirmation_redirect_uri
|
||||||
else
|
else
|
||||||
super
|
super
|
||||||
end
|
end
|
||||||
|
|
|
@ -12,4 +12,8 @@ module ApplicationExtension
|
||||||
def most_recently_used_access_token
|
def most_recently_used_access_token
|
||||||
@most_recently_used_access_token ||= access_tokens.where.not(last_used_at: nil).order(last_used_at: :desc).first
|
@most_recently_used_access_token ||= access_tokens.where.not(last_used_at: nil).order(last_used_at: :desc).first
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def confirmation_redirect_uri
|
||||||
|
redirect_uri.lines.first.strip
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -128,6 +128,13 @@ Doorkeeper.configure do
|
||||||
#
|
#
|
||||||
force_ssl_in_redirect_uri false
|
force_ssl_in_redirect_uri false
|
||||||
|
|
||||||
|
# Specify what redirect URI's you want to block during Application creation.
|
||||||
|
# Any redirect URI is whitelisted by default.
|
||||||
|
#
|
||||||
|
# You can use this option in order to forbid URI's with 'javascript' scheme
|
||||||
|
# for example.
|
||||||
|
forbid_redirect_uri { |uri| %w[data vbscript javascript].include?(uri.scheme.to_s.downcase) }
|
||||||
|
|
||||||
# Specify what grant flows are enabled in array of Strings. The valid
|
# Specify what grant flows are enabled in array of Strings. The valid
|
||||||
# strings and the flows they enable are:
|
# strings and the flows they enable are:
|
||||||
#
|
#
|
||||||
|
|
Reference in New Issue