Skip to content
Snippets Groups Projects
Select Git revision
  • 17.0
  • 18.0
  • 16.0
  • 14.0
  • 14.0-__main__-sbi
  • 15.0
  • 16.0-__main__-sbi
  • 12.0-suds
  • 12.0 default protected
  • 13.0
  • renovate/configure
  • 9.0
  • 10.0
  • 7.0
  • 8.0
  • 11.0
  • 9.0-ocabot-merge-pr-1088-by-pedrobaeza-bump-nobump
  • 8.0-ocabot-merge-pr-831-by-pedrobaeza-bump-nobump
  • 12.0-old
  • 11.0-ocabot-merge-pr-882-by-pedrobaeza-bump-nobump
  • 17.0_2025-03-14
  • 16.0_2025-03-14
  • 16.0_2025-02-14
  • 17.0_2025-02-14
  • 15.0_2025-02-14
  • 15.0_2025-03-14
  • 14.0_2025-02-14
  • 14.0_2025-03-14
  • 16.0_2025-01-14
  • 17.0_2025-01-14
  • 14.0_2025-01-14
  • 16.0_2024-12-14
  • 17.0_2024-12-14
  • 15.0_2024-12-14
  • 15.0_2025-01-14
  • 15.0_2024-11-14
  • 16.0_2024-11-14
  • 17.0_2024-11-14
  • 16.0_2024-11-05
  • 16.0_2024-10-14
40 results
Compare
user avatar
[FIX] http: no rotate sid for unidentified user
Florian Vranckx authored 
This commit fixes a change in behavior between 15.2 and 15.3.

Previously, if an unidentified user tried to reach a route that had auth='user', it would simply redirect to the login page.

Currently, it redirects and invalidates the session_id.

This is an issue in the latest version of master after this PR https://github.com/odoo/enterprise/pull/36521


This commit changes the route of service-worker.js to auth='user'.

This route is called on the login page, which rotates the sid and therefore invalidates the csrf token. Making it impossible for a user to log in.

This is a race condition, meaning it would only appear if the user stayed on the login page for a few seconds, hence why the automated testing did not block the commit.

closes odoo/odoo#112169

Signed-off-by: default avatarJulien Castiaux (juc) <juc@odoo.com>
Co-authored-by: default avatarJulien Castiaux <juc@odoo.com>
d5d80d17
History
user avatar d5d80d17
History
Name Last commit Last update