redirect whitelist support #236
Comments
|
That would something that you put in a filter so that when |
|
here is the solution. you can do something like to only allow redirect within current site LAZO.app.addRequestFilter('.*', function (path, params, ctx, options) {
var hostname = ctx.location.hostname;
var port = ctx.location.port;
var sslPort = LAZO.config.get('sslPort') || 8443;
var sslProtocol = LAZO.config.get('sslProtocol') || 'https';
var hostMatchPattern;
var redirectHost;
var redirectUrl;
hostMatchPattern = port ? hostname + ':' + port : hostname;
redirectHost = getHostName(ctx.params.redirect);
if (!(redirectHost === hostMatchPattern)) {
//redirect to main host page
return options.success(sslProtocol + '://' + hostname + (sslPort ? ':' + sslPort : ''));
}
});
function getHostName(url) {
var regex = /^(?:https?:\/\/)?(?:www\.)?([^\/]+)/i;
var redirectHostMatch = url.match(regex);
var redirectHost;
if (redirectHostMatch) {
redirectHost = redirectHostMatch[1];
}
return redirectHost;
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Does LAZO support blocking off-site redirects via config or only allow redirect from a whitelist via a config?
Or that is something outside of framework scope?
The text was updated successfully, but these errors were encountered: