URL encoding lost upon round trip through login #4475

Closed
Conduitry opened this issue Jul 19, 2018 · 3 comments · Fixed by #6399
Labels: issue/confirmed, type/bug

@Conduitry

If you are logged out and at a url containing an encoded # (i.e., %23), and then you click 'sign in' and complete the sign-in, you end up at the original url but with an actual # in it instead of a %23.

In the first navigation (upon clicking 'sign in') you are brought to a page with a ?redirect_to= value containing %2523, which seems correct. The set-cookie header that's returned also contains %2523, which I think is correct. It's not going through the layer of query param encoding, but it is going through the layer of cookie header encoding.

In the second navigation (upon entering your username/password and clicking 'sign in'), the redirect from the server has a location header that includes a # though, which is definitely incorrect.

This is on Gitea version 1e2da5d

@lunny lunny added the type/bug label Jul 20, 2018
@stale

stale bot commented Jan 17, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale stale bot added the issue/stale label Jan 17, 2019
@Conduitry
Author

It looks like this is still occurring. I don't think the issue should be closed.

@stale stale bot removed the issue/stale label Jan 18, 2019
@stale

stale bot commented Mar 19, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale stale bot added the issue/stale label Mar 19, 2019
@lunny lunny added the issue/confirmed label Mar 20, 2019
@stale stale bot removed the issue/stale label Mar 20, 2019
mrsdizzie added a commit to mrsdizzie/gitea that referenced this issue Mar 20, 2019
redirect_to holds a value that we want to redirect back to after login.
This value can be a path with intentionally escaped values and we
should not unescape it.

Fixes go-gitea#4475
techknowlogick pushed a commit that referenced this issue Mar 21, 2019
redirect_to holds a value that we want to redirect back to after login.
This value can be a path with intentionally escaped values and we
should not unescape it.

Fixes #4475
mrsdizzie added a commit to mrsdizzie/gitea that referenced this issue Mar 21, 2019
redirect_to holds a value that we want to redirect back to after login.
This value can be a path with intentionally escaped values and we
should not unescape it.

Fixes go-gitea#4475
lafriks pushed a commit that referenced this issue Mar 21, 2019
redirect_to holds a value that we want to redirect back to after login.
This value can be a path with intentionally escaped values and we
should not unescape it.

Fixes #4475
@lafriks lafriks added this to the 1.8.0 milestone Mar 21, 2019
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
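
The encoding round trip reported in this issue, as an added example that is not part of the thread and is not Gitea's code: it models the cookie layer with Go's `net/url` and compares decoding the stored `redirect_to` value once with decoding it twice. The function names and the sample path are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
)

// encodeCookie models the cookie-encoding layer from the report:
// a redirect target containing %23 is stored as %2523.
func encodeCookie(redirectTo string) string {
	return url.QueryEscape(redirectTo)
}

// decodeOnce undoes exactly the one layer that encodeCookie added.
func decodeOnce(cookieValue string) string {
	v, err := url.QueryUnescape(cookieValue)
	if err != nil {
		return "/" // assumption: fall back to the site root on a malformed value
	}
	return v
}

// decodeTwice models the reported behaviour: a second unescape turns the
// intentionally escaped %23 into a literal '#'.
func decodeTwice(cookieValue string) string {
	return decodeOnce(decodeOnce(cookieValue))
}

// requestTarget shows what a client following the Location value would
// request (escaped path) and what it would keep locally as the fragment.
func requestTarget(location string) (path, fragment string) {
	u, err := url.Parse(location)
	if err != nil {
		return "", ""
	}
	return u.EscapedPath(), u.Fragment
}

func main() {
	original := "/owner/repo/src/branch/master/issue%23123.md" // constructed sample
	cookie := encodeCookie(original)
	fmt.Println("cookie value:  ", cookie)
	for _, loc := range []string{decodeOnce(cookie), decodeTwice(cookie)} {
		p, f := requestTarget(loc)
		fmt.Printf("Location %q -> path %q, fragment %q\n", loc, p, f)
	}
}
```

With the extra unescape, the post-login request goes to a different path than the one the user started from, because everything after the `#` becomes a client-side fragment.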