diff options
author | Sorin Davidoi <sorin.davidoi@protonmail.com> | 2018-09-07 05:42:16 +0200 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2018-09-07 05:42:16 +0200 |
commit | 10680f93e7d6333d43aabc4c6f251a076120231c (patch) | |
tree | 34acae19ca01914ddb1ed7c5c4f86447887f029c | |
parent | 0c5db3163a2599013252a75d488518fcf88aad65 (diff) |
feat(auth/session_controller): Send Clear-Site-Data when logging out (#8627)
Will clear the browser's cache, cookies and storage. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data https://w3c.github.io/webappsec-clear-site-data/
-rw-r--r-- | app/controllers/auth/sessions_controller.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 62b4a6377..b0d974ff8 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -10,6 +10,7 @@ class Auth::SessionsController < Devise::SessionsController prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create] before_action :set_instance_presenter, only: [:new] before_action :set_body_classes + after_action :clear_site_data, only: [:destroy] def new Devise.omniauth_configs.each do |provider, config| @@ -121,4 +122,10 @@ class Auth::SessionsController < Devise::SessionsController end paths end + + def clear_site_data + # Should be '"*"' but that doen't work in Chrome (neither does '"executionContexts"') + # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data + response.headers['Clear-Site-Data'] = '"cache", "cookies", "storage"' + end end |