jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fixes #2620: Users who logged in securely should always be redirected to the HTTPS version of Danbooru

Browse Source
This commit is contained in:
r888888888
2016-07-18 16:41:38 -07:00
parent 8ea992168b
commit 122970bc11
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/controllers/application_controller.rb
View File

@@ -11,6 +11,7 @@ class ApplicationController < ActionController::Base
before_filter :set_safe_mode before_filter :set_safe_mode
# before_filter :secure_cookies_check # before_filter :secure_cookies_check
layout "default" layout "default"
force_ssl :if => :ssl_login?
rescue_from Exception, :with => :rescue_exception rescue_from Exception, :with => :rescue_exception
rescue_from User::PrivilegeError, :with => :access_denied rescue_from User::PrivilegeError, :with => :access_denied
@@ -18,6 +19,10 @@ class ApplicationController < ActionController::Base
rescue_from Danbooru::Paginator::PaginationError, :with => :render_pagination_limit rescue_from Danbooru::Paginator::PaginationError, :with => :render_pagination_limit
protected protected
def ssl_login?
cookies[:ssl_login].present?
end
def enable_cors def enable_cors
response.headers["Access-Control-Allow-Origin"] = "*" response.headers["Access-Control-Allow-Origin"] = "*"
end end

8
app/logical/session_creator.rb
View File

@@ -28,6 +28,14 @@ class SessionCreator
} }
end end
if secure
cookies.permanent[:ssl_login] = {
:value => "1",
:secure => true,
:httponly => true
}
end
session[:user_id] = user.id session[:user_id] = user.id
user.update_column(:last_ip_addr, ip_addr) user.update_column(:last_ip_addr, ip_addr)
return true return true