mirror of https://github.com/volatiletech/authboss.git synced 2025-09-16 09:06:20 +02:00

Update responder.go

Robert Brennan
2020-08-27 14:44:51 -04:00
committed by GitHub
parent ecd0e44e0b
commit 7d0371efdc


@@ -77,6 +77,10 @@ func (r *Redirector) Redirect(w http.ResponseWriter, req *http.Request, ro authb
func (r Redirector) redirectAPI(w http.ResponseWriter, req *http.Request, ro authboss.RedirectOptions) error {
path := ro.RedirectPath
redir := req.FormValue(r.FormValueName)
if strings.Contains(redir, "://") {
// Guard against Open Redirect: https://cwe.mitre.org/data/definitions/601.html
redir = ""
}
if len(redir) != 0 && ro.FollowRedirParam {
path = redir
}
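Review bot: The new `strings.Contains(redir, "://")` guard in redirectAPI is a deny-list on one substring, so it does not cover values that carry no scheme but still resolve off-site, such as scheme-relative references that begin with `//` or a backslash variant of the same. An allow-list is more robust here: parse the value and keep it only when it has no scheme, no host and is a single-slash local path, as sketched below. This needs `net/url` in the file's imports, which are outside the hunk. It would also reject relative paths without a leading slash, so confirm no caller relies on those. The function body continues past the hunk, and any other place that reads `r.FormValueName` (presumably the non-API redirect path) would want the same check.

```go
redir := req.FormValue(r.FormValueName)
// Guard against Open Redirect (CWE-601): accept only a local, single-slash path.
if u, err := url.Parse(redir); err != nil || u.IsAbs() || u.Host != "" ||
	!strings.HasPrefix(redir, "/") || strings.HasPrefix(redir, "//") || strings.Contains(redir, `\`) {
	redir = ""
}
// … unchanged: FollowRedirParam check and path assignment …
```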