Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2025-02-16 01:21:48 +01:00
Code Issues Projects Releases Wiki Activity

PM-13103 - DuoRedirect - fix redirectToDuoFrameless logic to allow either duosecurity.com or duofederal.com as valid redirect urls. The existing logic failed b/c the construction of the previous check would reject all URLs. (#11363)

Browse Source
This commit is contained in:
Jared Snider 2024-10-02 13:16:48 -04:00 committed by GitHub
parent 22a9e8788b
commit c969f617a8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/web/src/connectors/duo-redirect.ts
View File

@ -54,8 +54,10 @@ function redirectToDuoFrameless(redirectUrl: string) {
if (
validateUrl.protocol !== "https:" ||
!validateUrl.hostname.endsWith("duosecurity.com") ||
!validateUrl.hostname.endsWith("duofederal.com")
!(
validateUrl.hostname.endsWith("duosecurity.com") ||
validateUrl.hostname.endsWith("duofederal.com")
)
) {
throw new Error("Invalid redirect URL");
}