mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-07-15 01:44:22 +02:00

Merge pull request #359 from jehiah/redirect_check_359

Improve redirect checks
Jehiah Czebotar
2017-03-28 21:34:23 -04:00
committed by GitHub
2 changed files with 2 additions and 2 deletions


@ -490,7 +490,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
} }
redirect := req.Form.Get("state") redirect := req.Form.Get("state")
if !strings.HasPrefix(redirect, "/") { if !strings.HasPrefix(redirect, "/") || strings.HasPrefix(redirect, "//") {
redirect = "/" redirect = "/"
} }
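Review bot: The new condition in OAuthCallback rejects a `state` value starting with `//` but still accepts one starting with `/\`, which some browsers normalise to `//` and then treat as a scheme-relative URL. The same gap exists in the GetLoginURL check in the second file. Consider extending the guard, e.g. `if !strings.HasPrefix(redirect, "/") || strings.HasPrefix(redirect, "//") || strings.HasPrefix(redirect, "/\\") {`. The commit shows no test; a table test asserting that such values fall back to `/` would pin the behaviour. OAuthCallback's body starts and ends outside the hunk.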


@ -88,7 +88,7 @@ func (p *ProviderData) GetLoginURL(redirectURI, finalRedirect string) string {
params.Add("scope", p.Scope) params.Add("scope", p.Scope)
params.Set("client_id", p.ClientID) params.Set("client_id", p.ClientID)
params.Set("response_type", "code") params.Set("response_type", "code")
if strings.HasPrefix(finalRedirect, "/") { if strings.HasPrefix(finalRedirect, "/") && !strings.HasPrefix(finalRedirect,"//") {
params.Add("state", finalRedirect) params.Add("state", finalRedirect)
} }
a.RawQuery = params.Encode() a.RawQuery = params.Encode()
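Review bot: `strings.HasPrefix(finalRedirect,"//")` is missing the space after the comma, so the new line is not gofmt-clean; it should read `strings.HasPrefix(finalRedirect, "//")`. This predicate is also the hand-written negation of the one added in OAuthCallback, so the two checks can drift apart when one is tightened later. If the package layout allows it, a single small helper used by both call sites (for example `func isLocalRedirect(s string) bool`, name is only a suggestion) would keep them in step. GetLoginURL's body starts and ends outside the hunk.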