Fix link/origin referrer and login redirect (#36279)

Fix #35998 1. Fix `<a rel>` : * "_blank" already means "noopener" * "noreferrer" is already provided by page's `<meta name="referrer">` 2. Fix "redirect_to" mechisam * Use "referer" header to determine the redirect link for a successful login 3. Simplify code and merge duplicate logic
2026-01-03 11:43:04 +08:00
parent 6fb3547417
commit b79dbfa990
46 changed files with 141 additions and 168 deletions
@@ -24,7 +24,7 @@ func BlockExpensive() func(next http.Handler) http.Handler {
 			ret := determineRequestPriority(reqctx.FromContext(req.Context()))
 			if !ret.SignedIn {
 				if ret.Expensive || ret.LongPolling {
-					http.Redirect(w, req, setting.AppSubURL+"/user/login", http.StatusSeeOther)
+					http.Redirect(w, req, middleware.RedirectLinkUserLogin(req), http.StatusSeeOther)
 					return
 				}
 			}