open redirect vulnerability #1092
Labels
Comments
rchl
added a commit
that referenced
this issue
Mar 7, 2021
If the resolved path for a given locale is 404 then don't attempt to change the path to locale specific. Avoids redirecting unnecessarily to a route that doesn't exist anyway. That also fixes the security issue with redirecting to a different domain but just in case added an additional measure against that. Resolves #1092
|
Thanks for reporting. Preparing a fix in #1093. |
rchl
added a commit
that referenced
this issue
Mar 7, 2021
If the resolved path for a given locale is 404 then return resolved route based on the original path input rather than the locale-adjusted path. This affects redirects on locale change, page load, and the behavior of localePath and localeRoute APIs. Avoids redirecting unnecessarily to a route that doesn't exist anyway. That also fixes the security issue with redirecting to a different domain but just in case added an additional measure against that. Resolves #1092
This was referenced Mar 9, 2021
Closed
Closed
This was referenced Mar 15, 2021
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version
nuxt-i18n: 6.12.2
nuxt: 2.14.7
Nuxt configuration
mode:
Nuxt-i18n configuration
i18n: {
strategy: 'prefix_except_default',
...
}
Reproduction Link
https://sty4f.sse.codesandbox.io
Steps to reproduce
https://sty4f.sse.codesandbox.io//google.com/
What is Expected?
redirect to error page
What is actually happening?
redirect to google.com
The text was updated successfully, but these errors were encountered: