Clear password when redirecting to login

Should prevent endless redirects when the cookie is set on a different path or domain (like with a dot prefix).
This commit is contained in:
ecrode 2019-11-07 12:38:10 -05:00 committed by Asher
parent 2c15c09fc0
commit 727ac6483b

View file

@ -298,7 +298,10 @@ export abstract class Server {
return response;
}
if (!this.authenticate(request)) {
return { redirect: "/login" };
return {
redirect: "/login",
headers: { "Set-Cookie": `password=` }
};
}
break;
case "/static":