-
Bug
-
Resolution: Fixed
-
Low
-
5.1.5
-
None
After applying the patch for CONF-30221, login redirects can contain a ${originalurl} parameter, instead of the original URL that requires a login.
If you have configured all of the below:
- allowed anonymous access in global permissions
- allowed anonymous view in space permissions
- restricted some content in that space so that anonymous cannot view it.
Then any time a non-logged-in user tries to view the restricted content they will be redirected to a login page normally, but once they are logged in they will be redirected to the site homepage, not their original destination.
Workaround
Once the user has logged in, they should manually navigate back to the page they intended to view.
- is caused by
-
-
- Closed
-
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[CONFSERVER-30220] Redirect for login can break
stefan22 - yes, this issue was found with the change for CONF-30221 before we shipped 5.1.5 and fixed in that version.
If you're seeing the same behaviour in a more recent version of Confluence, please raise a new ticket and we'll review it.
Affected version AND fixed version both 5.1.5? This doesn't sound quite right to me. Or does it mean the issue got introduced during 5.1.5 development and was fixed before 5.1.5 was shipped?
@matt thanks for the answer. I'c.