Clear password when redirecting to login

ecrode · code-asher · commit 727ac6483bc6 · 2019-11-07T11:38:10.000-06:00
Should prevent endless redirects when the cookie is set on a different path or domain (like with a dot prefix).
diff --git a/src/node/server.ts b/src/node/server.ts
@@ -298,7 +298,10 @@ export abstract class Server {
 						return response;
 				}
 				if (!this.authenticate(request)) {
-					return { redirect: "/login" };
+					return { 
+			   			redirect: "/login",
+			   			headers: { "Set-Cookie": `password=` }
+			   		};
 				}
 				break;
 			case "/static":

Original file line number	Diff line number	Diff line change
`@@ -298,7 +298,10 @@ export abstract class Server {`
`298`	`298`	`return response;`
`299`	`299`	`}`
`300`	`300`	`if (!this.authenticate(request)) {`
`301`		`- return { redirect: "/login" };`
	`301`	`+ return {`
	`302`	`+ redirect: "/login",`
	`303`	+ headers: { "Set-Cookie": `password=` }
	`304`	`+ };`
`302`	`305`	`}`
`303`	`306`	`break;`
`304`	`307`	`case "/static":`