Clear password when redirecting to login
Should prevent endless redirects when the cookie is set on a different path or domain (like with a dot prefix).
This commit is contained in:
parent
2c15c09fc0
commit
727ac6483b
@ -298,7 +298,10 @@ export abstract class Server {
|
||||
return response;
|
||||
}
|
||||
if (!this.authenticate(request)) {
|
||||
return { redirect: "/login" };
|
||||
return {
|
||||
redirect: "/login",
|
||||
headers: { "Set-Cookie": `password=` }
|
||||
};
|
||||
}
|
||||
break;
|
||||
case "/static":
|
||||
|
Reference in New Issue
Block a user