[DRE-maint] Bug#581383: ENV['RAILS_RELATIVE_URL_ROOT'] should never be empty
Laurent Bigonville
bigon at debian.org
Wed May 12 15:09:45 UTC 2010
Package: redmine
Version: 0.9.4-1
Severity: important
Hi,
I ran today into a odd problem.
My users where able to login but for some operation the get
an "Invalid form authenticity token" error.
I also discovered that redmine was setting several cookies instead of
only one. After some search I figured out that:
DefaultInitEnv RAILS_RELATIVE_URL_ROOT "" was set in my apache config,
commenting this directive fix everything.
In config/environment.rb there is
:session_path => ENV['RAILS_RELATIVE_URL_ROOT'] ? ENV['RAILS_RELATIVE_URL_ROOT'] : '/'
which check if RAILS_RELATIVE_URL_ROOT is set or not (but not if it's
empty). I've found a patch on http://www.redmine.org/issues/3968 where
it check if it's empty or not, which seems a better approach as it
seems that firefox and IE interpret differently the fact that the
cookie path is empty.
Regards
Laurent Bigonville
More information about the Pkg-ruby-extras-maintainers
mailing list