[wp-meta] [Making WordPress.org] #3821: Improve Trac Logout - Return user to current page
Making WordPress.org
noreply at wordpress.org
Mon Sep 24 03:49:39 UTC 2018
#3821: Improve Trac Logout - Return user to current page
------------------------------------+---------------------
Reporter: garrett-eclipse | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Login & Authentication | Resolution:
Keywords: |
------------------------------------+---------------------
Comment (by dd32):
This isn't 100% straight forward, as the `Logout` link in Trac isn't a
link at all.
The logout on Trac is a form, which once submitted to Trac is redirected
to the login logout functionality without a nonce. The nonce is required
to prevent a user maliciously logging out users (ie. inserting an image
into a trac ticket of `https://login.wordpress.org/logout?yes-i-really-
want-to`), and Trac can't generate that nonce.
With r7696 we'll be able to update the nginx redirect on Trac to pass the
referer through, but I'll need to make a systems request to get that
actioned.
It should just be changing a nginx location block to something like this I
think:
{{{
location = /logout {
return 301
https://login.wordpress.org/logout?redirect_to=$http_referer;
}
}}}
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/3821#comment:3>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list