Update responder.go
rbren authored Aug 27, 2020
1 parent ecd0e44 commit 7d0371e
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions defaults/responder.go
Expand Up @@ -77,6 +77,10 @@ func (r *Redirector) Redirect(w http.ResponseWriter, req *http.Request, ro authb
func (r Redirector) redirectAPI(w http.ResponseWriter, req *http.Request, ro authboss.RedirectOptions) error {
path := ro.RedirectPath
redir := req.FormValue(r.FormValueName)
if strings.Contains(redir, "://") {
// Guard against Open Redirect: https://cwe.mitre.org/data/definitions/601.html
redir = ""
}
if len(redir) != 0 && ro.FollowRedirParam {
path = redir
}
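Review bot: The `strings.Contains(redir, "://")` guard in redirectAPI only rejects values that spell out a scheme, so a scheme-relative value such as `//host/path`, or one using a backslash in place of a slash, still reaches `path = redir` and is treated by browsers as an off-site target. An allow-list is safer than this deny-list: parse the value with `u, err := url.Parse(redir)` and keep it only when `err == nil && u.Scheme == "" && u.Host == "" && strings.HasPrefix(u.Path, "/")`, and also reset it when `strings.Contains(redir, "\\")`; this needs `net/url` in the file's imports. The body of redirectAPI continues past the end of this hunk, and the commit touches only this function, so if the non-API redirect path reads the same form value it presumably needs the same check; that is not visible here. A table-driven test of accepted and rejected values would pin the behaviour down.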