Clear password when redirecting to login

Should prevent endless redirects when the cookie is set on a different path or domain (like with a dot prefix).
This commit is contained in:
ecrode 2019-11-07 12:38:10 -05:00 committed by Asher
parent 2c15c09fc0
commit 727ac6483b

View file

@ -298,7 +298,10 @@ export abstract class Server {
return response; return response;
} }
if (!this.authenticate(request)) { if (!this.authenticate(request)) {
return { redirect: "/login" }; return {
redirect: "/login",
headers: { "Set-Cookie": `password=` }
};
} }
break; break;
case "/static": case "/static":