go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-17 00:17:40 +02:00
Code Issues Releases Activity

check for /\ redirects

Browse Source
This commit is contained in:
David Stark
2020-01-26 15:00:03 +00:00
parent d9362d3bb9
commit 0198dd6e93
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
oauthproxy.go
View File

@ -558,7 +558,7 @@ func validOptionalPort(port string) bool {
// IsValidRedirect checks whether the redirect URL is whitelisted // IsValidRedirect checks whether the redirect URL is whitelisted
func (p *OAuthProxy) IsValidRedirect(redirect string) bool { func (p *OAuthProxy) IsValidRedirect(redirect string) bool {
switch { switch {
case strings.HasPrefix(redirect, "/") && !strings.HasPrefix(redirect, "//"): case strings.HasPrefix(redirect, "/") && !strings.HasPrefix(redirect, "//") && !strings.HasPrefix(redirect, "/\\"):
return true return true
case strings.HasPrefix(redirect, "http://") || strings.HasPrefix(redirect, "https://"): case strings.HasPrefix(redirect, "http://") || strings.HasPrefix(redirect, "https://"):
redirectURL, err := url.Parse(redirect) redirectURL, err := url.Parse(redirect)