heartcombo / devise

Flexible authentication solution for Rails with Warden.
http://blog.plataformatec.com.br/tag/devise/
MIT License
23.95k stars 5.55k forks

Sign-in after session expired redirects to turbo frame url #5633

Open TheRealNeil opened 1 year ago

TheRealNeil commented 1 year ago

Environment

Current behaviour

If a user tries to navigate within a turbo frame after their session expires, they are redirected to the sign-in page. There is some more info in the turbo documentation. After signing in again, the user is redirected to the turbo frame url.

Expected behaviour

After signing in again, the user should be redirected to the last non-turbo frame url or fall back to the root url.

Steps taken

I have tried following the instructions in this wiki article but this still doesn't solve the issue. It appears that the FailureApp is storing the location in any case.

TheRealNeil commented 1 year ago

I compiled a couple of solutions:

1. Patch Devise Failure App

lib/devise/failure_app.rb

def store_location!
- store_location_for(scope, attempted_path) if request.get? && !http_auth?
+ store_location_for(scope, attempted_path) if request.get? && !http_auth? && !request.headers["Turbo-Frame"].present?
end
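
Review bot: on the `+` line, `!request.headers["Turbo-Frame"].present?` is a double negation stacked onto an already long modifier condition; `request.headers["Turbo-Frame"].blank?` reads more directly, and moving the header check into a small predicate method would keep `store_location!` legible. The hunk also carries no test for a GET request that sends the `Turbo-Frame` header, so the new branch is unverified; a case asserting that no location is stored for such a request would cover it.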

2. Create a Custom Failure App

config/initializers/devise.rb

require 'custom_failure_app'

Devise.setup do |config|
  # ...
  # ==> Configuration for our custom failure app
  config.warden do |manager|
    manager.failure_app = CustomFailureApp
  end
end

lib/custom_failure_app.rb

# Override the Devise failure app to not store the location for turbo frame requests
class CustomFailureApp < Devise::FailureApp

  protected

  def store_location!
    store_location_for(scope, attempted_path) if request.get? && !http_auth? && !turbo_frame_request?
  end

  private

  # taken from https://github.com/hotwired/turbo-rails/blob/main/app/controllers/turbo/frames/frame_request.rb#L31
  def turbo_frame_request?
    turbo_frame_request_id.present?
  end

  # taken from https://github.com/hotwired/turbo-rails/blob/main/app/controllers/turbo/frames/frame_request.rb#L35
  def turbo_frame_request_id
    request.headers["Turbo-Frame"]
  end
end

salimhb commented 11 months ago

I'm experiencing the same issue. The redirect fails silently. I only see in the network tab that the response redirects to the Turbo version, which does not find the matching frames to replace since it's on the login page.
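
The effect of the two `store_location!` conditions from this thread, modelled in plain Ruby as an added example (not code from the thread or from Devise; nothing from Rails or Devise is loaded). `Request`, `STOCK`, `PATCHED` and `redirect_after_sign_in` are hypothetical names, the requests are constructed, and the `user_return_to` session key with a root fallback is an assumption standing in for Devise's stored-location handling.

```ruby
# Minimal stand-in for the request object the failure app inspects (hypothetical).
Request = Struct.new(:verb, :path, :headers, :http_auth, keyword_init: true) do
  def get?
    verb == "GET"
  end

  # A Turbo frame navigation is recognised by a non-empty Turbo-Frame header.
  def turbo_frame?
    !headers["Turbo-Frame"].to_s.empty?
  end
end

# Condition on the "-" line of the patch in the thread.
STOCK = ->(req) { req.get? && !req.http_auth }
# Condition on the "+" line, also used by CustomFailureApp.
PATCHED = ->(req) { req.get? && !req.http_auth && !req.turbo_frame? }

# Replays unauthenticated requests against a session hash, then returns the
# path a later sign-in redirects to: the stored location, else the root path.
def redirect_after_sign_in(requests, store_if, root: "/")
  session = {}
  requests.each do |req|
    session["user_return_to"] = req.path if store_if.call(req) # assumed key
  end
  session.delete("user_return_to") || root
end

# Constructed traffic arriving after the session has expired.
FRAME_ONLY = [
  Request.new(verb: "GET", path: "/projects/1/comments",
              headers: { "Turbo-Frame" => "comments" }, http_auth: false)
].freeze
PAGE_THEN_FRAME = [
  Request.new(verb: "GET", path: "/projects/1", headers: {}, http_auth: false),
  *FRAME_ONLY
].freeze

if __FILE__ == $PROGRAM_NAME
  { "frame only" => FRAME_ONLY, "page then frame" => PAGE_THEN_FRAME }.each do |name, reqs|
    puts "#{name}: stock -> #{redirect_after_sign_in(reqs, STOCK)}, " \
         "patched -> #{redirect_after_sign_in(reqs, PATCHED)}"
  end
end
```

With the patched condition a frame request no longer overwrites an earlier full-page location, and when nothing was stored the redirect falls back to the root path.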