mirror of https://github.com/bitwarden/server.git synced 2025-02-22 02:51:33 +01:00

Remove referer header match from middleware (#928)

Chad Scharf 2020-09-10 16:06:22 -04:00 committed by GitHub
parent 209b6a8ef9
commit 8c7e7d1f6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 0 additions and 24 deletions


@ -25,16 +25,6 @@ namespace Bit.Sso.Utilities
return true;
}
// Determine if the Authority matches the Referrer (short-cut)
var referrer = context.Request.Headers["Referer"].FirstOrDefault();
if (!string.IsNullOrWhiteSpace(referrer) &&
Uri.TryCreate(options.Authority, UriKind.Absolute, out var authorityUri) &&
Uri.TryCreate(referrer, UriKind.Absolute, out var referrerUri) &&
(referrerUri.IsBaseOf(authorityUri) || authorityUri.IsBaseOf(referrerUri)))
{
return true;
}
try
{
// Parse out the message


@ -32,20 +32,6 @@ namespace Bit.Sso.Utilities
return true;
}
// Determine if the Authority matches the Referrer (short-cut)
var referrer = context.Request.Headers["Referer"].FirstOrDefault();
if (!string.IsNullOrWhiteSpace(referrer) &&
Uri.TryCreate(referrer, UriKind.Absolute, out var referrerUri) &&
(referrerUri.IsBaseOf(idp.SingleSignOnServiceUrl) ||
idp.SingleSignOnServiceUrl.IsBaseOf(referrerUri) ||
referrerUri.IsBaseOf(idp.SingleLogoutServiceUrl) ||
idp.SingleLogoutServiceUrl.IsBaseOf(referrerUri) ||
referrerUri.IsBaseOf(idp.SingleLogoutServiceResponseUrl) ||
idp.SingleLogoutServiceResponseUrl.IsBaseOf(referrerUri)))
{
return true;
}
// We need to pull out and parse the response or request SAML envelope
XmlElement assertion = null;
try