mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-29 05:35:43 +01:00
Limit url to local site (#20013)
Signed-off-by: stonezdj <daojunz@vmware.com> Co-authored-by: stonezdj <daojunz@vmware.com>
This commit is contained in:
parent
fa6b13871f
commit
54819ba8cd
@ -63,7 +63,13 @@ func (oc *OIDCController) RedirectLogin() {
|
||||
oc.SendInternalServerError(err)
|
||||
return
|
||||
}
|
||||
if err := oc.SetSession(redirectURLKey, oc.Ctx.Request.URL.Query().Get("redirect_url")); err != nil {
|
||||
redirectURL := oc.Ctx.Request.URL.Query().Get("redirect_url")
|
||||
if strings.HasPrefix(redirectURL, "//") {
|
||||
log.Errorf("invalid redirect url: %v", redirectURL)
|
||||
oc.SendBadRequestError(fmt.Errorf("cannot redirect to other site"))
|
||||
return
|
||||
}
|
||||
if err := oc.SetSession(redirectURLKey, redirectURL); err != nil {
|
||||
log.Errorf("failed to set session for key: %s, error: %v", redirectURLKey, err)
|
||||
oc.SendInternalServerError(err)
|
||||
return
|
||||
|
Loading…
Reference in New Issue
Block a user