Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sign-in after session expired redirects to turbo frame url #5633

Open
TheRealNeil opened this issue Sep 30, 2023 · 2 comments
Open

Sign-in after session expired redirects to turbo frame url #5633

TheRealNeil opened this issue Sep 30, 2023 · 2 comments

Comments

@TheRealNeil
Copy link

Environment

  • Ruby 3.2.2
  • Rails 7.1.0.rc1
  • Devise 4.9.2

Current behaviour

If a user tries to navigate within a turbo frame after their session expires. They are redirected to the sign-in page. There is some more info in the turbo documentation. After signing in again, the user is redirected to the turbo frame url.

Expected behaviour

After signing in again, the user should be redirected to the last non-turbo frame url or fall back to the root url.

Steps taken

I have tried following the instructions in this wiki article but this still doesn't solve the issue. It appears that the FailureApp is storing the location in any case.

@TheRealNeil
Copy link
Author

I compiled a couple of solutions;

1. Patch Devise Failure App

lib/devise/failure_app.rb

def store_location!
- store_location_for(scope, attempted_path) if request.get? && !http_auth?
+ store_location_for(scope, attempted_path) if request.get? && !http_auth? && !request.headers["Turbo-Frame"].present?
end

2. Create a Custom Failure App

config/initializers/devise.rb

require 'custom_failure_app'

Devise.setup do |config|
  ...
  # ==> Configuration for our customer failure app
  config.warden do |manager|
    manager.failure_app = CustomFailureApp
  end
end

lib/custom_failure_app.rb

# Override the Devise failure app to not store the location for turbo frame requests
class CustomFailureApp < Devise::FailureApp

  protected

  def store_location!
    store_location_for(scope, attempted_path) if request.get? && !http_auth? && !turbo_frame_request?
  end

  private

  # taken from https://github.com/hotwired/turbo-rails/blob/main/app/controllers/turbo/frames/frame_request.rb#L31
  def turbo_frame_request?
    turbo_frame_request_id.present?
  end

  # taken from https://github.com/hotwired/turbo-rails/blob/main/app/controllers/turbo/frames/frame_request.rb#L35
  def turbo_frame_request_id
    request.headers["Turbo-Frame"]
  end
end

@salimhb
Copy link

salimhb commented Oct 26, 2023

I'm experiencing the same issue. The redirect fails silently. I only see in the network tab that the response redirects to the Turbo version, which does not find the matching frames to replace since it's on the login page.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

2 participants