Limit url to local site (#20013)

Signed-off-by: stonezdj <daojunz@vmware.com> Co-authored-by: stonezdj <daojunz@vmware.com>
2024-11-25 11:46:43 +01:00 · 2024-02-23 15:40:13 +08:00 · 2024-02-23 15:40:13 +08:00 · 54819ba8cd
commit 54819ba8cd
parent fa6b13871f
1 changed files with 7 additions and 1 deletions
--- a/src/core/controllers/oidc.go
+++ b/src/core/controllers/oidc.go
@ -63,7 +63,13 @@ func (oc *OIDCController) RedirectLogin() {
 		oc.SendInternalServerError(err)
 		return
 	}
-	if err := oc.SetSession(redirectURLKey, oc.Ctx.Request.URL.Query().Get("redirect_url")); err != nil {
+	redirectURL := oc.Ctx.Request.URL.Query().Get("redirect_url")
 	if strings.HasPrefix(redirectURL, "//") {
 		log.Errorf("invalid redirect url: %v", redirectURL)
 		oc.SendBadRequestError(fmt.Errorf("cannot redirect to other site"))
 		return
 	}
 	if err := oc.SetSession(redirectURLKey, redirectURL); err != nil {
 		log.Errorf("failed to set session for key: %s, error: %v", redirectURLKey, err)
 		oc.SendInternalServerError(err)
 		return