Only redirect to relative URLs on login #1729

Merged
merged 1 commit into from Mar 9, 2016

@edmundoa
Member

edmundoa commented Mar 9, 2016

Do not redirect to absolute URLs after login, as this could allow someone to send a manipulated URL pointing to any external (and potentially dangerous) site.

Only redirect to relative URLs on login
Do not redirect to absolute URLs on login, as this could allow someone
to send a manipulated URL pointing to any external site.
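
One way to enforce the "relative URLs only" rule described above, as an added example that is not code from this pull request or from Graylog. The function name `safeRedirectTarget`, the fallback path and the placeholder origin `BASE` are assumptions made for illustration.

```javascript
// Added example: accept a post-login redirect target only if it is a
// relative URL. BASE is a constructed placeholder origin used for parsing.
const BASE = "https://app.invalid";

function safeRedirectTarget(target, fallback = "/") {
  if (typeof target !== "string" || target.length === 0) return fallback;

  // Browsers drop tab/CR/LF and treat "\" like "/" while parsing URLs,
  // so reject such input outright instead of trying to normalise it.
  if (/[\u0000-\u001f\u007f\\]/.test(target)) return fallback;

  // Require exactly one leading "/": this rejects "//host" (scheme-relative),
  // "https://host", "javascript:..." and bare "host/path".
  if (!target.startsWith("/") || target.startsWith("//")) return fallback;

  // Defence in depth: resolve against the placeholder origin and confirm
  // the parser still lands on that origin.
  let parsed;
  try {
    parsed = new URL(target, BASE);
  } catch {
    return fallback;
  }
  if (parsed.origin !== BASE) return fallback;

  // Dot-segment removal can turn "/..//host" into the path "//host",
  // which would be scheme-relative if sent back in a Location header.
  const normalised = parsed.pathname + parsed.search + parsed.hash;
  if (normalised.startsWith("//")) return fallback;

  // Only path, query and fragment are returned, never a host.
  return normalised;
}
```
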

@edmundoa edmundoa added the security label Mar 9, 2016

@dennisoelkers dennisoelkers self-assigned this Mar 9, 2016

@dennisoelkers dennisoelkers added this to the 1.x milestone Mar 9, 2016

dennisoelkers added a commit that referenced this pull request Mar 9, 2016

Merge pull request #1729 from Graylog2/fix-login-redirect
Only redirect to relative URLs on login

@dennisoelkers dennisoelkers merged commit f7d844a into 1.3 Mar 9, 2016

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@dennisoelkers dennisoelkers deleted the fix-login-redirect branch Mar 9, 2016
