FIX: redirect client to the original url after logging in for private instances

app/assets/javascripts/discourse/controllers/login.js.es6

@@ -8,6 +8,7 @@ export default DiscourseController.extend(ModalFunctionality, {
   loggedIn: false,
 
   canLoginLocal: Discourse.computed.setting('enable_local_logins'),
+  loginRequired: Em.computed.alias('controllers.application.loginRequired'),
 
   resetForm: function() {
     this.set('authenticate', null);
@@ -72,9 +73,16 @@ export default DiscourseController.extend(ModalFunctionality, {
           self.set('loggedIn', true);
           // Trigger the browser's password manager using the hidden static login form:
           var $hidden_login_form = $('#hidden-login-form');
+          var destinationUrl = $.cookie('destination_url');
           $hidden_login_form.find('input[name=username]').val(self.get('loginName'));
           $hidden_login_form.find('input[name=password]').val(self.get('loginPassword'));
+          if (self.get('loginRequired') && destinationUrl) {
+            // redirect client to the original URL
+            $.cookie('destination_url', null);
+            $hidden_login_form.find('input[name=redirect]').val(destinationUrl);
+          } else {
             $hidden_login_form.find('input[name=redirect]').val(window.location.href);
+          }
           $hidden_login_form.submit();
         }
 

app/controllers/application_controller.rb

@@ -346,6 +346,8 @@ class ApplicationController < ActionController::Base
     def redirect_to_login_if_required
       return if current_user || (request.format.json? && api_key_valid?)
 
+      # save original URL in a cookie
+      cookies[:destination_url] = request.original_url unless request.original_url =~ /uploads/
       redirect_to :login if SiteSetting.login_required?
     end