Skip to content

Commit

Permalink
Allow redirect URLs containing http or https but do not start with them
Browse files Browse the repository at this point in the history
  • Loading branch information
@wluyima
wluyima committed Jun 18, 2024
1 parent 9401071 commit 6bd6a6b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion auth_oidc/controllers/main.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ def logout(self, redirect="/web/login"):
p = request.env["auth.oauth.provider"].sudo().browse(user.oauth_provider_id.id)

Check warning on line 62 in auth_oidc/controllers/main.py

View check run for this annotation

Codecov / codecov/patch

auth_oidc/controllers/main.py#L62 

Added line #L62 was not covered by tests
if p.logout_endpoint:
r = redirect

Check warning on line 64 in auth_oidc/controllers/main.py

View check run for this annotation

Codecov / codecov/patch

auth_oidc/controllers/main.py#L64 

Added line #L64 was not covered by tests
if r.find('http') == -1 and r.find('https') == -1:
if not r.startswith('http:') and not r.startswith('https:'):
r = request.env['ir.config_parameter'].sudo().get_param('web.base.url') + r
logout_base_url = p.logout_endpoint
params = {}

Check warning on line 68 in auth_oidc/controllers/main.py

View check run for this annotation

Codecov / codecov/patch

auth_oidc/controllers/main.py#L66-L68 

Added lines #L66 - L68 were not covered by tests
Expand Down

0 comments on commit 6bd6a6b

Please sign in to comment.