From 727ac6483bc6acd35ad4aa277eeb55189f627dac Mon Sep 17 00:00:00 2001 From: ecrode Date: Thu, 7 Nov 2019 12:38:10 -0500 Subject: [PATCH] Clear password when redirecting to login Should prevent endless redirects when the cookie is set on a different path or domain (like with a dot prefix). --- src/node/server.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/node/server.ts b/src/node/server.ts index a6613bd2e..92c406282 100644 --- a/src/node/server.ts +++ b/src/node/server.ts @@ -298,7 +298,10 @@ export abstract class Server { return response; } if (!this.authenticate(request)) { - return { redirect: "/login" }; + return { + redirect: "/login", + headers: { "Set-Cookie": `password=` } + }; } break; case "/static":