From 6bd6a6b70f2469d5f4538e1e3ca08bccaa8ffddc Mon Sep 17 00:00:00 2001
From: wluyima <wyclif@openmrs.org>
Date: Tue, 18 Jun 2024 20:49:29 +0300
Subject: [PATCH] Allow redirect URLs containing http or https but do not start
 with them

---
 auth_oidc/controllers/main.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auth_oidc/controllers/main.py b/auth_oidc/controllers/main.py
index 5b08bd486..9475f6620 100644
--- a/auth_oidc/controllers/main.py
+++ b/auth_oidc/controllers/main.py
@@ -62,7 +62,7 @@ def logout(self, redirect="/web/login"):
             p = request.env["auth.oauth.provider"].sudo().browse(user.oauth_provider_id.id)
             if p.logout_endpoint:
                 r = redirect
-                if r.find('http') == -1 and r.find('https') == -1:
+                if not r.startswith('http:') and not r.startswith('https:'):
                     r = request.env['ir.config_parameter'].sudo().get_param('web.base.url') + r
                 logout_base_url = p.logout_endpoint
                 params = {}