This repository was archived by the owner on Jan 24, 2019. It is now read-only.
This repository was archived by the owner on Jan 24, 2019. It is now read-only.
'/' redirect check isn't enough. #228
Description
'//foo.com/foo' is a valid url, so the redirect check at oauthproxy.go:479 is not sufficient for its intent.
Since I'm using this hole to redirect to other domains within a set of subdomains -- it would be cool if this was somehow preserved so I can have a partially open redirect. (I'm using an 'auth' domain and redirect to it from other domains and then redirect back while using the nginx aut -- I plan on writing up the configuration soon for others to use.)