lib/clearance/authorization.rb in clearance-1.0.0.rc7 vs lib/clearance/authorization.rb in clearance-1.0.0.rc8
- old
+ new
@@ -11,10 +11,19 @@
deny_access
end
end
def deny_access(flash_message = nil)
+ respond_to do |format|
+ format.any(:js, :json, :xml) { head :unauthorized }
+ format.any { redirect_request(flash_message) }
+ end
+ end
+
+ protected
+
+ def redirect_request(flash_message)
store_location
if flash_message
flash[:notice] = flash_message
end
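Review bot: The `format.any(:js, :json, :xml) { head :unauthorized }` branch in `deny_access` answers 401 for every denial, whereas the redirect code in the next hunk's context distinguishes signed-in from signed-out users. An API client that is authenticated but not permitted therefore cannot tell that re-authenticating will not help. If that distinction matters, `head(signed_in? ? :forbidden : :unauthorized)` would mirror the redirect logic, assuming `signed_in?` is in scope in this module. In either case a comment above `deny_access`, such as `# Non-HTML formats get a bare 401; flash_message is used only when redirecting.`, would record that the message is dropped for those formats. The body of `redirect_request` continues past the end of this hunk.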
@@ -24,12 +33,10 @@
else
redirect_to url_after_denied_access_when_signed_out
end
end
- protected
-
def clear_return_to
session[:return_to] = nil
end
def store_location
@@ -42,10 +49,16 @@
redirect_to(return_to || default)
clear_return_to
end
def return_to
- session[:return_to] || params[:return_to]
+ if return_to_url
+ URI.parse(return_to_url).path
+ end
+ end
+
+ def return_to_url
+ session[:return_to]
end
def url_after_denied_access_when_signed_in
Clearance.configuration.redirect_url
end
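Review bot: `URI.parse(return_to_url).path` in `return_to` removes the scheme and host, but the result is not guaranteed to be a same-origin target. A stored URL whose path begins with two slashes yields a path that browsers read as protocol-relative, so leading slashes should be collapsed before the value reaches `redirect_to`. Taking only `.path` also drops the query string, so a stored location that carried parameters no longer round-trips. `URI.parse` raises `URI::InvalidURIError` on a malformed value, which would surface as an error during the post-sign-in redirect; this assumes the session value comes from the request URL in `store_location`, whose body is outside the hunk. The sketch below keeps the host-stripping and falls back to the default on unparsable input.

```ruby
def return_to
  return unless return_to_url

  uri = URI.parse(return_to_url)
  # Collapse leading slashes so the result can never be protocol-relative.
  path = uri.path.sub(%r{\A/+}, "/")
  uri.query ? "#{path}?#{uri.query}" : path
rescue URI::InvalidURIError
  nil # caller falls back to the default URL
end
# … unchanged: return_to_url …
```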