Fix open redirect in Horizon.

LP 1039077. Disallow login redirects to anywhere other than the same origin.

Change-Id: I36e8e4f30cf440ecc73534af38fcd8d2a111a603
commit 35eada8a27323c0f83c400177797927aba6bc99b, 1 parent 648b078
Paul McMillan (PaulMcMillan) authored; russellb committed
Showing with 8 additions and 1 deletion: +8 −1 horizon/views/auth_forms.py

horizon/views/auth_forms.py (9 lines changed)
@@ -28,6 +28,7 @@
from django.conf import settings
from django.contrib import messages
from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.utils.http import same_origin
from django.utils.translation import ugettext as _
from keystoneclient import exceptions as keystone_exceptions
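Review bot: this hunk adds the only new dependency of the fix, `from django.utils.http import same_origin`, and it sits correctly in alphabetical order among the `django.utils` imports, but the change touches no test module (the stats show only horizon/views/auth_forms.py). A regression test that submits a cross-origin value in the `REDIRECT_FIELD_NAME` parameter and asserts that `handle()` drops it should be added alongside this import so the check cannot be silently removed later.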
@@ -94,7 +95,13 @@ def handle(self, request, data):
request.session['region_endpoint'] = endpoint
request.session['region_name'] = region_name
- redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, "")
+ redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, None)
+ # Make sure the requested redirect matches the protocol,
+ # domain, and port of this request
+ if redirect_to and not same_origin(
+ request.build_absolute_uri(redirect_to),
+ request.build_absolute_uri()):
+ redirect_to = None
if data.get('tenant', None):
try:
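Review bot: the comparison `same_origin(request.build_absolute_uri(redirect_to), request.build_absolute_uri())` resolves `redirect_to` through `build_absolute_uri` before comparing scheme, host and port, so protocol-relative values (`//other-host/path`) and values carrying their own scheme are normalised to a full URL and rejected by `same_origin`; the in-code comment "matches the protocol, domain, and port" is accurate, but neither behaviour is pinned by a test, and a unit test covering a relative path (accepted), a protocol-relative URL (rejected) and an absolute URL on a different host (rejected) would document the intent. Two smaller points: the default changes from `""` to `None`, and the failed check also assigns `None`, so the code after this hunk that consumes `redirect_to` (not shown) must treat `None` as "use the default landing page" rather than passing it to a redirect; and `request.REQUEST` merges GET and POST, which is fine here because the check runs on whichever source supplied the value.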