Commit c1fe98e0 authored by Stan Hu's avatar Stan Hu

Prevent too many redirects error when home page URL set to external_urll

Many users naively set the home page URL setting to external_url
(e.g. https://mydomain.com). When an unauthenticated user signs in, this
causes endless redirections. For example, this is occuring:

1. Unauthenticated user attempts to access https://mydomain.com/dashboard
2. Application redirects to the home page URL: https://mydomain.com
3. Repeat step 2

In step 3, ApplicationController should have redirected the user to
https://mydomain.com/users/sign_in. Disabling the redirection if home
page URL is the same as external_url prevents users from messing up.

Closes https://github.com/gitlabhq/gitlabhq/issues/8843
Closes #2057
parent 068dcefc
Please view this file on the master branch, on stable branches it's out of date.
v 8.0.0 (unreleased)
- Prevent too many redirects upon login when home page URL is set to external_url (Stan Hu)
- Improve dropdown positioning on the project home page (Hannes Rosenögger)
- Upgrade browser gem to 1.0.0 to avoid warning in IE11 compatibilty mode (Stan Hu)
- Fix "Reload with full diff" URL button in compare branch view (Stan Hu)
......
......@@ -55,7 +55,9 @@ def authenticate_user_from_token!
def authenticate_user!(*args)
# If user is not signed-in and tries to access root_path - redirect him to landing page
if current_application_settings.home_page_url.present?
# Don't redirect to the default URL to prevent endless redirections
if current_application_settings.home_page_url.present? &&
current_application_settings.home_page_url.chomp('/') != Gitlab.config.gitlab['url'].chomp('/')
if current_user.nil? && root_path == request.path
redirect_to current_application_settings.home_page_url and return
end
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment