From 2c112095a94706f0a438478fe714908f67786228 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?I=C3=B1igo=20In=20The=20Cloud?= <inigo@gestudio.com>
Date: Mon, 27 Jun 2016 14:15:05 -0400
Subject: [PATCH] Issue #9040 - Auth saving json in Auth.redirect

AuthComponent is storing JSON or any other AJAX request URL into the session variable Auth.redirect used for login redirect if the AJAX request does not send the X-Requested-With:XMLHttpRequest header.

If you send an ajax request without that header and your request is not a (.json) it will store the URL anyway.
---
 lib/Cake/Controller/Component/AuthComponent.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/Cake/Controller/Component/AuthComponent.php b/lib/Cake/Controller/Component/AuthComponent.php
index 3381d68f1..1b65fd921 100644
--- a/lib/Cake/Controller/Component/AuthComponent.php
+++ b/lib/Cake/Controller/Component/AuthComponent.php
@@ -359,7 +359,7 @@ class AuthComponent extends Component {
 			return true;
 		}
 
-		if (!$controller->request->is('ajax')) {
+		if (!$controller->request->is('ajax') && !$controller->request->is('json')) {
 			$this->flash($this->authError);
 			$this->Session->write('Auth.redirect', $controller->request->here(false));
 			$controller->redirect($this->loginAction);