mirror of
https://github.com/Mailu/Mailu.git
synced 2025-01-18 03:21:36 +02:00
Handle WEBROOT_REDIRECT better
parent
e1739befc0
commit
1831ca3b1e
@ -21,7 +21,7 @@ def login():
|
||||
|
||||
fields = []
|
||||
|
||||
if flask.request.args.get('url'):
|
||||
if 'url' in flask.request.args and not 'homepage' in flask.request.url:
|
||||
fields.append(form.submitAdmin)
|
||||
else:
|
||||
form.submitAdmin.label.text = form.submitAdmin.label.text + ' Admin'
|
||||
@ -79,6 +79,8 @@ Redirect to the url passed in parameter if any; Ensure that this is not an open-
|
||||
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
|
||||
"""
|
||||
def _has_usable_redirect():
|
||||
if 'homepage' in flask.request.url:
|
||||
return None
|
||||
if url := flask.request.args.get('url'):
|
||||
url = url_unquote(url)
|
||||
target = urlparse(urljoin(flask.request.url, url))
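Review bot: The new `'homepage' in flask.request.url` test in `_has_usable_redirect()`, and the matching one in `login()`, is a substring match over the whole request URL, which includes the client-supplied `url` value. Any deep link whose path or query happens to contain "homepage" therefore loses its post-login redirect and changes which submit button is shown. This fails towards "no redirect", so it does not weaken the open-redirect validation the docstring refers to, but it is looser than the marker needs. Presumably the marker arrives as the query of the `url` argument; if so, an exact test such as `urlparse(flask.request.args.get('url', '')).query == 'homepage'` would be tighter, though how the marker reaches this view should be confirmed first. In `login()`, `not 'homepage' in …` reads better as `'homepage' not in …`; both functions continue outside the hunks shown.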
|
||||
|
@ -173,11 +173,15 @@ http {
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
location @sso_login {
|
||||
return 302 /sso/login?url=$request_uri;
|
||||
}
|
||||
|
||||
{% if WEB_WEBMAIL != '/' and WEBROOT_REDIRECT != 'none' %}
|
||||
location / {
|
||||
expires $expires;
|
||||
{% if WEBROOT_REDIRECT %}
|
||||
try_files $uri {{ WEBROOT_REDIRECT }};
|
||||
try_files $uri {{ WEBROOT_REDIRECT }}?homepage;
|
||||
{% else %}
|
||||
try_files $uri =404;
|
||||
{% endif %}
|
||||
@ -192,7 +196,7 @@ http {
|
||||
{% endif %}
|
||||
include /etc/nginx/proxy.conf;
|
||||
auth_request /internal/auth/user;
|
||||
error_page 403 @webmail_login;
|
||||
error_page 403 @sso_login;
|
||||
proxy_pass http://$webmail;
|
||||
}
|
||||
|
||||
@ -211,13 +215,9 @@ http {
|
||||
auth_request_set $token $upstream_http_x_user_token;
|
||||
proxy_set_header X-Remote-User $user;
|
||||
proxy_set_header X-Remote-User-Token $token;
|
||||
error_page 403 @webmail_login;
|
||||
error_page 403 @sso_login;
|
||||
proxy_pass http://$webmail;
|
||||
}
|
||||
|
||||
location @webmail_login {
|
||||
return 302 /sso/login?url=$request_uri;
|
||||
}
|
||||
{% endif %}
|
||||
{% if ADMIN %}
|
||||
location {{ WEB_ADMIN }} {
|
||||
@ -232,11 +232,7 @@ http {
|
||||
proxy_set_header X-Real-IP "";
|
||||
proxy_set_header X-Forwarded-For "";
|
||||
proxy_pass http://$antispam;
|
||||
error_page 403 @antispam_login;
|
||||
}
|
||||
|
||||
location @antispam_login {
|
||||
return 302 /sso/login?url=$request_uri;
|
||||
error_page 403 @sso_login;
|
||||
}
|
||||
{% endif %}
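Review bot: `try_files $uri {{ WEBROOT_REDIRECT }}?homepage;` in `location /` appends the marker with a literal `?`, so a `WEBROOT_REDIRECT` value that already carries a query string would render with two `?` and the marker would end up inside the last argument's value. The string `homepage` is also a magic value that the SSO login view matches on, and nothing in the template says so. A comment above the line would record both constraints, e.g. `# "?homepage" marks the webroot fallback for /sso/login; WEBROOT_REDIRECT must not contain a query string`. Separately, the consolidated `@sso_login` location passes `$request_uri` into `url=` unencoded, so an original URI containing `&` reaches the login view split across several parameters; this predates the commit but now applies to all three protected locations.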
|
||||
|
||||
|