]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/users_controller.rb
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Validate any origin passed the auth failure callback
[rails.git] / app / controllers / users_controller.rb
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index b90fbea11c761f4b611368cb75b6ae5a074d8741..23263ebba2267a8815988d43ca06fae1afcf28e4 100644 (file)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -332,7 +332,10 @@ class UsersController < ApplicationController
   # omniauth failure callback
   def auth_failure
     flash[:error] = t(params[:message], :scope => "users.auth_failure", :default => t("users.auth_failure.unknown_error"))
-    redirect_to params[:origin] || login_url
+
+    origin = safe_referer(params[:origin]) if params[:origin]
+
+    redirect_to origin || login_url
   end
 
   private
The OpenStreetMap web site