commit ec8028aef24ed97910a7aaec283d765664193112
parent 63cbd9ef9c23ff7a13dfbbb7723fbb6ed4c5dc13
Author: Daniel GarcĂa <dani-garcia@users.noreply.github.com>
Date: Sun, 3 May 2020 22:27:09 +0200
Merge pull request #979 from jjlin/admin-redirect
Use absolute URIs for admin page redirects
Diffstat:
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/api/admin.rs b/src/api/admin.rs
@@ -57,6 +57,12 @@ fn admin_path() -> String {
format!("{}{}", CONFIG.domain_path(), ADMIN_PATH)
}
+/// Used for `Location` response headers, which must specify an absolute URI
+/// (see https://tools.ietf.org/html/rfc2616#section-14.30).
+fn admin_url() -> String {
+ format!("{}{}", CONFIG.domain(), ADMIN_PATH)
+}
+
#[get("/", rank = 2)]
fn admin_login(flash: Option<FlashMessage>) -> ApiResult<Html<String>> {
// If there is an error, show it
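Review bot: `admin_url()` takes the redirect host from `CONFIG.domain()` instead of the request, so if that setting is unset, stale, or differs from the origin the admin actually used (for example behind a reverse proxy), the browser is sent to a different host or scheme right after the admin cookie is set. The same applies to the three call sites in the later hunks, two in `post_admin_login` and one in `logout`. RFC 7231 section 7.1.2 superseded the cited RFC 2616 text and allows a relative reference in `Location`, so `Redirect::to(admin_path())` was already valid. If the absolute form is kept, the doc comment should state the dependency, e.g. `/// Requires CONFIG.domain() to match the externally reachable origin, including any path prefix.` It is not visible in this hunk whether `domain()` already contains the prefix returned by `domain_path()` or can end in `/`, so that should be confirmed before relying on the concatenation.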
@@ -81,7 +87,7 @@ fn post_admin_login(data: Form<LoginForm>, mut cookies: Cookies, ip: ClientIp) -
if !_validate_token(&data.token) {
error!("Invalid admin token. IP: {}", ip.ip);
Err(Flash::error(
- Redirect::to(admin_path()),
+ Redirect::to(admin_url()),
"Invalid admin token, please try again.",
))
} else {
@@ -97,7 +103,7 @@ fn post_admin_login(data: Form<LoginForm>, mut cookies: Cookies, ip: ClientIp) -
.finish();
cookies.add(cookie);
- Ok(Redirect::to(admin_path()))
+ Ok(Redirect::to(admin_url()))
}
}
@@ -185,7 +191,7 @@ fn test_smtp(data: Json<InviteData>, _token: AdminToken) -> EmptyResult {
#[get("/logout")]
fn logout(mut cookies: Cookies) -> Result<Redirect, ()> {
cookies.remove(Cookie::named(COOKIE_NAME));
- Ok(Redirect::to(admin_path()))
+ Ok(Redirect::to(admin_url()))
}
#[get("/users")]