Open redirect to another domain after login with next query #9950
Labels
status: accepted
This issue has been accepted for implementation
type: bug
A confirmed report of unexpected behavior in the application
NetBox version
v3.2.7
Python version
3.9
Steps to Reproduce
On login, the query string next can redirect to another domain with //www.google.com
/login/?next={path}
/login/?next=/home
/login/?next=//www.google.com
Expected Behavior
Only redirect to a path of the current domain.
/login/?next=/home (success)
/login/?next=//www.google.com (should fail and redirect to home)
Observed Behavior
/login/?next=/home (success)
/login/?next=//www.google.com (success)
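An added example, not NetBox's code or the reporter's: a stdlib-only Python check for the next value that returns it only when it is a path on the current site and otherwise falls back to home, shown beside a hypothetical leading-slash check that lets //www.google.com through. The function names, the "/" default and the sample values are assumptions made for this illustration.

```python
from urllib.parse import urlsplit


def naive_is_local(target: str) -> bool:
    # Hypothetical weak check: "starts with a slash" also matches the
    # scheme-relative form //host, which browsers resolve to another domain.
    return target.startswith("/")


def safe_next_path(target, default="/"):
    """Return target only if it is a path on the current site, else default."""
    if not isinstance(target, str) or not target:
        return default
    # Browsers treat a backslash like a slash and drop tabs/newlines inside
    # URLs, so "/\host" or "/<TAB>/host" can still leave the site.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    # Must be an absolute path, and must not be scheme-relative (//host).
    if not target.startswith("/") or target.startswith("//"):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:
        return default
    # Defence in depth: a local path carries neither a scheme nor a host.
    if parts.scheme or parts.netloc:
        return default
    return target


# Constructed sample values for the next parameter (not taken from any log).
SAMPLES = [
    "/home",
    "/home?tab=1",
    "//www.google.com",
    "/\\www.google.com",
    "https://www.google.com",
    "",
]


def evaluate(samples=SAMPLES):
    # Map each candidate to the path the login view would redirect to.
    return {s: safe_next_path(s) for s in samples}


if __name__ == "__main__":
    for value, result in evaluate().items():
        print(f"{value!r:28} -> {result!r}")
```

In a Django project, django.utils.http.url_has_allowed_host_and_scheme performs this kind of host and scheme check against an explicit set of allowed hosts.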