Ensure before actions run on root route (#1482)

* Ensure before actions run on root route When using the recommended method for injecting a before filter into GoodJob the initial root route ignores that filter. In cases where someone is using that before filter to apply security they may want to return a non-301 response code for users who don't pass the authentication check. For example someone may want to obfuscate that they're using GoodJob by returning a 404 from all GoodJob routes if the user is not logged in. Before this change users would receive the redirect from the root route, then get the 404, essentially "leaking" that the site is running GoodJob. * Add query params to root route redirect. Live polling relies on a query string param with hits the root route. Ensure this param survives the redirect. * Move redirect action to jobs controller --------- Co-authored-by: Ben Sheldon [he/him] <bensheldon@gmail.com>
bensheldon · Sep 14, 2024 · 9783e3c · 9783e3c
1 parent 4d443b3
commit 9783e3c
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/app/controllers/good_job/jobs_controller.rb b/app/controllers/good_job/jobs_controller.rb
@@ -94,6 +94,12 @@ def destroy
       redirect_to jobs_path, notice: t(".notice")
     end
 
+    def redirect_to_index
+      # Redirect to the jobs page, maintaining query parameters. This is
+      # necessary to support the `?poll=1` parameter that enables live polling.
+      redirect_to jobs_path(request.query_parameters)
+    end
+
     private
 
     def redirect_on_error(exception)

diff --git a/config/routes.rb b/config/routes.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 GoodJob::Engine.routes.draw do
-  root to: redirect(path: 'jobs')
+  root 'jobs#redirect_to_index'
 
   resources :jobs, only: %i[index show destroy] do
     collection do