feat(auth/session_controller): Send Clear-Site-Data when logging out (#8627)
On logout, asks the browser to clear its cache, cookies and storage for this site. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data https://w3c.github.io/webappsec-clear-site-data/
		
							parent
							
								
									462d4f6b80
								
							
						
					
					
						commit
						0c756cfd54
					
				
					 1 changed files with 7 additions and 0 deletions
				
			
		|  | @ -10,6 +10,7 @@ class Auth::SessionsController < Devise::SessionsController | ||||||
|   prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create] |   prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create] | ||||||
|   before_action :set_instance_presenter, only: [:new] |   before_action :set_instance_presenter, only: [:new] | ||||||
|   before_action :set_body_classes |   before_action :set_body_classes | ||||||
|  |   after_action :clear_site_data, only: [:destroy] | ||||||
| 
 | 
 | ||||||
|   def new |   def new | ||||||
|     Devise.omniauth_configs.each do |provider, config| |     Devise.omniauth_configs.each do |provider, config| | ||||||
|  | @ -121,4 +122,10 @@ class Auth::SessionsController < Devise::SessionsController | ||||||
|     end |     end | ||||||
|     paths |     paths | ||||||
|   end |   end | ||||||
|  | 
 | ||||||
|  |   def clear_site_data | ||||||
|  |     # Should be '"*"' but that doen't work in Chrome (neither does '"executionContexts"') | ||||||
|  |     # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data | ||||||
|  |     response.headers['Clear-Site-Data'] = '"cache", "cookies", "storage"' | ||||||
|  |   end | ||||||
| end | end | ||||||
|  |  | ||||||
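Review bot: The `"cookies"` directive set in `clear_site_data` reaches further than this application's session: per the Clear-Site-Data specification it removes cookies for the whole registrable domain, subdomains included. On an instance served from a domain shared with other sites, logging out here would also drop those sites' cookies. That scope is worth recording next to the header, for example `# NOTE: "cookies" clears the whole registrable domain (subdomains too), not only this app's session cookie`. Browsers honour the header only over HTTPS and support varies, as the existing comment notes, so it should be treated as a complement to the server-side sign-out rather than a replacement for it. The page shows one changed file, so there appears to be no spec; a request spec asserting the header on sign-out and its absence on other actions would pin the `only: [:destroy]` scope.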