Fix link/origin referrer and login redirect (#36279)

Fix #35998 1. Fix `<a rel>` : * "_blank" already means "noopener" * "noreferrer" is already provided by page's `<meta name="referrer">` 2. Fix "redirect_to" mechisam * Use "referer" header to determine the redirect link for a successful login 3. Simplify code and merge duplicate logic
2026-02-07 09:49:41 +09:00 · 2026-01-03 11:43:04 +08:00
parent 6fb3547417
commit b79dbfa990
46 changed files with 141 additions and 168 deletions
--- a/tests/integration/signin_test.go
+++ b/tests/integration/signin_test.go
@@ -184,7 +184,7 @@ func TestRequireSignInView(t *testing.T) {
 		defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
 		req := NewRequest(t, "GET", "/user2/repo1/src/branch/master")
 		resp := MakeRequest(t, req, http.StatusSeeOther)
-		assert.Equal(t, "/user/login", resp.Header().Get("Location"))
+		assert.Equal(t, "/user/login?redirect_to=%2Fuser2%2Frepo1%2Fsrc%2Fbranch%2Fmaster", resp.Header().Get("Location"))
 	})
 	t.Run("BlockAnonymousAccessExpensive", func(t *testing.T) {
 		defer test.MockVariableValue(&setting.Service.RequireSignInViewStrict, false)()
@@ -196,6 +196,6 @@ func TestRequireSignInView(t *testing.T) {

 		req = NewRequest(t, "GET", "/user2/repo1/src/branch/master")
 		resp := MakeRequest(t, req, http.StatusSeeOther)
-		assert.Equal(t, "/user/login", resp.Header().Get("Location"))
+		assert.Equal(t, "/user/login?redirect_to=%2Fuser2%2Frepo1%2Fsrc%2Fbranch%2Fmaster", resp.Header().Get("Location"))
 	})
 }