-rw-r--r-- | app/controllers/account_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/my_controller.rb | 1 | ||||
-rw-r--r-- | lib/redmine/sudo_mode.rb | 1 | ||||
-rw-r--r-- | test/functional/account_controller_test.rb | 2 | ||||
-rw-r--r-- | test/functional/my_controller_test.rb | 1 | ||||
-rw-r--r-- | test/integration/sudo_mode_test.rb | 8 |
6 files changed, 15 insertions, 0 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 5e615d17f..2edc68729 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -36,6 +36,7 @@ class AccountController < ApplicationController
 redirect_back_or_default home_url, :referer => true
 end
 end
+ no_store
 rescue AuthSourceException => e
 logger.error "An error occurred when authenticating #{params[:username]}: #{e.message}"
 render_error :message => e.message
@@ -95,6 +96,7 @@ class AccountController < ApplicationController
 end
 end
 end
+ no_store
 render :template => "account/password_recovery"
 return
 else
diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb
index 01fe3995c..35483c8ef 100644
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -115,6 +115,7 @@ class MyController < ApplicationController
 end
 end
 end
+ no_store
 end
 # Create a new feeds key
diff --git a/lib/redmine/sudo_mode.rb b/lib/redmine/sudo_mode.rb
index 806d06788..8044fa252 100644
--- a/lib/redmine/sudo_mode.rb
+++ b/lib/redmine/sudo_mode.rb
@@ -124,6 +124,7 @@ module Redmine
 @sudo_form.original_fields = params.slice(*param_names)
 # a simple 'render "sudo_mode/new"' works when used directly inside an
 # action, but not when called from a before_action:
+ no_store
 respond_to do |format|
 format.html {render 'sudo_mode/new'}
 format.js {render 'sudo_mode/new'}
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 31ba88fb5..1dd14a24a 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -27,6 +27,7 @@ class AccountControllerTest < Redmine::ControllerTest
 def test_get_login
 get :login
 assert_response :success
+ assert_includes @response.headers['Cache-Control'], 'no-store'
 assert_select 'input[name=username][autocomplete=username]'
 assert_select 'input[name=password][autocomplete=current-password]'
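Review bot: In the first `account_controller.rb` hunk, `no_store` is the last statement of the main body, so the `rescue AuthSourceException` branch directly below it renders its error page without the header, and any early `return` above the hunk would skip it as well. The same end-of-body placement appears in the second hunk, where only the branch that renders `account/password_recovery` is covered, and at the end of the action in `my_controller.rb`. Calling `no_store` as the first statement of each action would cover every response path and make the intent visible at the top. The action bodies begin outside these hunks, so check that no other path in them is expected to stay cacheable.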
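Review bot: In `lib/redmine/sudo_mode.rb`, `no_store` was inserted between the two-line comment about rendering from a `before_action` and the `respond_to` block that comment explains, so the comment now reads as if it described `no_store`. Move the call above the comment and give it its own explanation, for example `# the sudo form re-renders the original request fields; never cache it`. That reason is worth stating because `original_fields` is filled from `params.slice(*param_names)` just above, so the rendered form presumably carries the submitted values. The enclosing method starts and ends outside the hunk.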
@@ -521,6 +522,7 @@ class AccountControllerTest < Redmine::ControllerTest
 get :lost_password
 assert_response :success
+ assert_includes @response.headers['Cache-Control'], 'no-store'
 assert_select 'input[type=hidden][name=token][value=?]', token.value
 end
diff --git a/test/functional/my_controller_test.rb b/test/functional/my_controller_test.rb
index 342c97a3d..3066f68e0 100644
--- a/test/functional/my_controller_test.rb
+++ b/test/functional/my_controller_test.rb
@@ -599,6 +599,7 @@ class MyControllerTest < Redmine::ControllerTest
 def test_change_password
 get :password
 assert_response :success
+ assert_includes @response.headers['Cache-Control'], 'no-store'
 assert_select 'input[type=password][name=password][autocomplete=current-password]'
 assert_select 'input[type=password][name=new_password][autocomplete=new-password]'
 assert_select 'input[type=password][name=new_password_confirmation][autocomplete=new-password]'
diff --git a/test/integration/sudo_mode_test.rb b/test/integration/sudo_mode_test.rb
index 9fbbfd725..0c7de64e0 100644
--- a/test/integration/sudo_mode_test.rb
+++ b/test/integration/sudo_mode_test.rb
@@ -259,6 +259,14 @@ class SudoModeTest < Redmine::IntegrationTest
 end
 end
+ def test_sudo_mode_should_include_cache_control_no_store
+ log_user("admin", "admin")
+ expire_sudo_mode!
+ get '/settings'
+ assert_response :success
+ assert_includes @response.headers['Cache-Control'], 'no-store'
+ end
+
 private
 # sudo mode is active after sign, let it expire by advancing the time |
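Review bot: `test_sudo_mode_should_include_cache_control_no_store` asserts a 200 and the header but never checks that the response is the sudo-mode confirmation form, so it would also pass if `/settings` itself were served with `no-store`. Add an `assert_select` on an element that only the sudo form renders before the header assertion, so the test is tied to the code path changed in `lib/redmine/sudo_mode.rb`. The functional tests in this commit likewise exercise only the initial GET. A failed POST that re-renders the login or password form appears to pass through the same `no_store` call and deserves one assertion as well.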