Clear password when redirecting to login
Should prevent endless redirects when the cookie is set on a different path or domain (like with a dot prefix).
This commit is contained in:
parent
2c15c09fc0
commit
727ac6483b
1 changed files with 4 additions and 1 deletions
|
@ -298,7 +298,10 @@ export abstract class Server {
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
if (!this.authenticate(request)) {
|
if (!this.authenticate(request)) {
|
||||||
return { redirect: "/login" };
|
return {
|
||||||
|
redirect: "/login",
|
||||||
|
headers: { "Set-Cookie": `password=` }
|
||||||
|
};
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case "/static":
|
case "/static":
|
||||||
|
|
Loading…
Reference in a new issue