Fix link/origin referrer and login redirect (#36279)

Fix #35998 1. Fix `<a rel>` : * "_blank" already means "noopener" * "noreferrer" is already provided by page's `<meta name="referrer">` 2. Fix "redirect_to" mechisam * Use "referer" header to determine the redirect link for a successful login 3. Simplify code and merge duplicate logic
2026-01-03 11:43:04 +08:00
parent 6fb3547417
commit b79dbfa990
46 changed files with 141 additions and 168 deletions
@@ -26,7 +26,7 @@ var (
 func TwoFactor(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("twofa")

-	if CheckAutoLogin(ctx) {
+	if performAutoLogin(ctx) {
 		return
 	}

@@ -99,7 +99,7 @@ func TwoFactorPost(ctx *context.Context) {
 func TwoFactorScratch(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("twofa_scratch")

-	if CheckAutoLogin(ctx) {
+	if performAutoLogin(ctx) {
 		return
 	}

@@ -151,7 +151,7 @@ func TwoFactorScratchPost(ctx *context.Context) {
 			return
 		}

-		handleSignInFull(ctx, u, remember, false)
+		handleSignInFull(ctx, u, remember)
 		if ctx.Written() {
 			return
 		}