go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-01-08 04:03:58 +02:00
Code Issues Releases Activity

check for /\ redirects

Browse Source
This commit is contained in:
David Stark 2020-01-26 15:00:03 +00:00
parent d9362d3bb9
commit 0198dd6e93
No known key found for this signature in database
GPG Key ID: 3D73875B6FF4B48C
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oauthproxy.go
View File

@ -558,7 +558,7 @@ func validOptionalPort(port string) bool {
// IsValidRedirect checks whether the redirect URL is whitelisted
func (p *OAuthProxy) IsValidRedirect(redirect string) bool {
switch {
case strings.HasPrefix(redirect, "/") && !strings.HasPrefix(redirect, "//"):
case strings.HasPrefix(redirect, "/") && !strings.HasPrefix(redirect, "//") && !strings.HasPrefix(redirect, "/\\"):
return true
case strings.HasPrefix(redirect, "http://") || strings.HasPrefix(redirect, "https://"):
redirectURL, err := url.Parse(redirect)