Fix link/origin referrer and login redirect (#36279)

Fix #35998 1. Fix `<a rel>` : * "_blank" already means "noopener" * "noreferrer" is already provided by page's `<meta name="referrer">` 2. Fix "redirect_to" mechisam * Use "referer" header to determine the redirect link for a successful login 3. Simplify code and merge duplicate logic
2026-01-03 11:43:04 +08:00
parent 6fb3547417
commit b79dbfa990
46 changed files with 141 additions and 168 deletions
@@ -16,7 +16,6 @@ import (
 	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/web"
-	"code.gitea.io/gitea/modules/web/middleware"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/services/forms"
 	"code.gitea.io/gitea/services/mailer"
@@ -236,7 +235,7 @@ func ResetPasswdPost(ctx *context.Context) {
 			return
 		}

-		handleSignInFull(ctx, u, remember, false)
+		handleSignInFull(ctx, u, remember)
 		if ctx.Written() {
 			return
 		}
@@ -308,11 +307,5 @@ func MustChangePasswordPost(ctx *context.Context) {

 	log.Trace("User updated password: %s", ctx.Doer.Name)

-	if redirectTo := ctx.GetSiteCookie("redirect_to"); redirectTo != "" {
-		middleware.DeleteRedirectToCookie(ctx.Resp)
-		ctx.RedirectToCurrentSite(redirectTo)
-		return
-	}
-
-	ctx.Redirect(setting.AppSubURL + "/")
+	redirectAfterAuth(ctx)
 }