Prevent open redirect when checking SSO
Co-authored-by: Jasu Viding <jasu.viding@gmail.com>
2 people authored and stianst committed Mar 1, 2023
1 parent e4bd6b7 commit 15ef5df
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion middleware/check-sso.js
Expand Up @@ -61,7 +61,8 @@ module.exports = function (keycloak) {
delete urlParts.query.auth_callback
delete urlParts.query.state

const cleanUrl = URL.format(urlParts)
// Collapse leading slashes to a single slash to prevent open redirects
const cleanUrl = URL.format(urlParts).replace(/^\/+/, '/')

// Check SSO process is completed
request.session.auth_is_check_sso_complete = true
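
Review bot: The new `.replace(/^\/+/, '/')` on `cleanUrl` only normalises a run of leading forward slashes, so the fix depends on `URL.format(urlParts)` always returning a path-relative string, and nothing in this hunk checks that. Consider validating the result explicitly after the replace (for example, require that `cleanUrl` starts with exactly one `/` and fall back to `/` otherwise) so the redirect target cannot carry its own host regardless of what `urlParts` contains. The commit changes only `middleware/check-sso.js`; a regression test that sends a request whose path begins with `//` and asserts the redirect stays on the same origin would keep this from being undone later. The comment could also say why the collapse matters: a path beginning with `//` is interpreted as a protocol-relative URL.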