allow redirects to whitelisted hosts with ports

2025-03-21 21:47:11 +02:00 · 2019-10-11 15:39:57 +03:00 · 2019-10-11 15:39:57 +03:00 · bfb22506ff
commit bfb22506ff
parent 62bf233682
2 changed files with 7 additions and 1 deletions
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -505,7 +505,7 @@ func (p *OAuthProxy) IsValidRedirect(redirect string) bool {
 			return false
 		}
 		for _, domain := range p.whitelistDomains {
-			if (redirectURL.Host == domain) || (strings.HasPrefix(domain, ".") && strings.HasSuffix(redirectURL.Host, domain)) {
+			if (redirectURL.Hostname() == domain) || (strings.HasPrefix(domain, ".") && strings.HasSuffix(redirectURL.Hostname(), domain)) {
 				return true
 			}
 		}
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@ -225,6 +225,12 @@ func TestIsValidRedirect(t *testing.T) {

 	invalidHTTPS2 := proxy.IsValidRedirect("https://evil.corp/redirect?rd=foo.bar")
 	assert.Equal(t, false, invalidHTTPS2)
+
+	validPort := proxy.IsValidRedirect("http://foo.bar:3838/redirect")
+	assert.Equal(t, true, validPort)
+
+	validPortSubdomain := proxy.IsValidRedirect("http://baz.bar.foo:3838/redirect")
+	assert.Equal(t, true, validPortSubdomain)
 }

 type TestProvider struct {