Skip to content
This repository was archived by the owner on Jan 24, 2019. It is now read-only.
This repository was archived by the owner on Jan 24, 2019. It is now read-only.

'/' redirect check isn't enough. #228

@sdier

Description

@sdier

'//foo.com/foo' is a valid url, so the redirect check at oauthproxy.go:479 is not sufficient for its intent.

Since I'm using this hole to redirect to other domains within a set of subdomains -- it would be cool if this was somehow preserved so I can have a partially open redirect. (I'm using an 'auth' domain and redirect to it from other domains and then redirect back while using the nginx aut -- I plan on writing up the configuration soon for others to use.)

Metadata

Metadata

Assignees

Labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions