Skip to content
This repository has been archived by the owner. It is now read-only.

Only redirect to relative URLs on login #1729

Merged
merged 1 commit into from Mar 9, 2016
Merged

Only redirect to relative URLs on login #1729

merged 1 commit into from Mar 9, 2016

Conversation

@edmundoa
Copy link
Member

@edmundoa edmundoa commented Mar 9, 2016

Do not redirect to absolute URLs after login, as this could allow someone to send a manipulated URL pointing to any external (and potentially dangerous) site.

Do not redirect to absolute URLs on login, as this could allow someone
to send a manipulated URL pointing to any external site.
@dennisoelkers dennisoelkers self-assigned this Mar 9, 2016
@dennisoelkers dennisoelkers added this to the 1.x milestone Mar 9, 2016
dennisoelkers added a commit that referenced this issue Mar 9, 2016
Only redirect to relative URLs on login
@dennisoelkers dennisoelkers merged commit f7d844a into 1.3 Mar 9, 2016
2 checks passed
Loading
@dennisoelkers dennisoelkers deleted the fix-login-redirect branch Mar 9, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants