
Fix: don't allow allauth redirects to any host #5783

Merged
merged 3 commits into from Feb 16, 2024

Conversation

shamoon
Member

@shamoon shamoon commented Feb 15, 2024

Proposed change

This is a little tricky. If we change the default ALLOWED_HOSTS I think we will break a lot of installs. This should handle the issue and I think should be OK because it only affects regular login (not social).

Closes #5780

Type of change

  • Bug fix: non-breaking change which fixes an issue.
  • New feature / Enhancement: non-breaking change which adds functionality. Please read the important note above.
  • Breaking change: fix or feature that would cause existing functionality to not work as expected.
  • Documentation only.
  • Other. Please explain:

Checklist:

  • I have read & agree with the contributing guidelines.
  • If applicable, I have included testing coverage for new code in this PR, for backend and / or front-end changes.
  • If applicable, I have tested my code for new features & regressions on both mobile & desktop devices, using the latest version of major browsers.
  • If applicable, I have checked that all tests pass, see documentation.
  • I have run all pre-commit hooks, see documentation.
  • I have made corresponding changes to the documentation as needed.
  • I have checked my modifications for any breaking changes.
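The issue this PR closes is an open redirect on the login page: a `?next=` parameter that is followed without checking where it points. The block below is an added example, not code from this PR or from paperless-ngx. It shows the vulnerable pattern beside a hardened one and reimplements, in plain stdlib Python so it runs without Django, the rules Django applies in `django.utils.http.url_has_allowed_host_and_scheme`. The host names `paperless.example` and `evil.example` and the query strings are constructed for the demo; checking the target against the request's own host (as Django's `LoginView` does) rather than against the `ALLOWED_HOSTS` setting is a design choice of this example, motivated by the remark above that the default `ALLOWED_HOSTS` cannot simply be tightened.

```python
"""Open-redirect check for a login ``?next=`` parameter (added example, stdlib only)."""
import unicodedata
from urllib.parse import parse_qs, urlsplit


def _single_pass(url, allowed_hosts, require_https):
    # Browsers treat three or more leading slashes as an absolute URL;
    # urlsplit() does not, so reject "///evil.example" outright.
    if url.startswith("///"):
        return False
    # Some browsers ignore a leading control character, so "\x00//evil.example"
    # would navigate cross-host even though it does not look like a URL here.
    if unicodedata.category(url[0])[0] == "C":
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal such as "http://[::1"
        return False
    # "https:evil.example" and "javascript:alert(1)" carry a scheme but no
    # netloc; browsers still navigate them, so scheme-without-host is never ok.
    if parts.scheme and not parts.netloc:
        return False
    # "//evil.example/p" has no scheme but is absolute; treat it as http.
    scheme = parts.scheme or ("http" if parts.netloc else "")
    valid_schemes = {"https"} if require_https else {"http", "https"}
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    scheme_ok = not scheme or scheme in valid_schemes
    return host_ok and scheme_ok


def url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False):
    """True only if ``url`` is relative or points at one of ``allowed_hosts``."""
    url = (url or "").strip()
    if not url:
        return False
    if isinstance(allowed_hosts, str):
        allowed_hosts = {allowed_hosts}
    allowed_hosts = set(allowed_hosts)
    # Chrome treats "\" as "/" in paths, so "/\evil.example" is really
    # "//evil.example"; the target must pass under both interpretations.
    return _single_pass(url, allowed_hosts, require_https) and _single_pass(
        url.replace("\\", "/"), allowed_hosts, require_https
    )


def login_redirect_open(query_string, default="/"):
    """The vulnerable pattern: wherever ?next= points, the user is sent."""
    return parse_qs(query_string).get("next", [default])[0] or default


def login_redirect_hardened(query_string, request_host, default="/"):
    """Follow ?next= only if it stays on the host that served the login page.

    Comparing against the request's own host keeps the check meaningful even
    when ALLOWED_HOSTS is a wildcard, which is what Django's LoginView does.
    """
    target = parse_qs(query_string).get("next", [""])[0]
    if url_has_allowed_host_and_scheme(target, {request_host}):
        return target
    return default


if __name__ == "__main__":
    # Constructed redirect targets, each the kind of payload an open-redirect
    # report would try; only the first one survives the hardened check.
    for nxt in ["/documents/", "//evil.example/", "https:evil.example", "/\\evil.example"]:
        print(f"{nxt!r:22} -> {login_redirect_hardened('next=' + nxt, 'paperless.example')}")
```

The validator is deliberately stricter than a naive "does it start with a slash" test: `/\evil.example`, `///evil.example`, `https:evil.example` and a leading NUL byte all pass that naive test in at least one browser, and all are rejected here. A host with a port (`paperless.example:8000`) is a different netloc from `paperless.example`, so the allowed set must contain the exact `Host` value the browser sends.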

@paperless-ngx-secretary paperless-ngx-secretary bot added backend non-trivial Requires approval by several team members labels Feb 15, 2024
@github-actions github-actions bot added the bug Bug report or a Bug-fix label Feb 15, 2024

codecov bot commented Feb 15, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (8d664fa) 96.68% compared to head (f51e000) 96.68%.

Additional details and impacted files
@@           Coverage Diff           @@
##              dev    #5783   +/-   ##
=======================================
  Coverage   96.68%   96.68%           
=======================================
  Files         405      405           
  Lines       16158    16167    +9     
  Branches     1172     1244   +72     
=======================================
+ Hits        15622    15631    +9     
  Misses        536      536           
Flag Coverage Δ
backend 95.59% <100.00%> (+<0.01%) ⬆️
frontend 97.99% <ø> (ø)


@shamoon shamoon marked this pull request as ready for review February 16, 2024 00:24
@shamoon shamoon requested a review from a team as a code owner February 16, 2024 00:24
@shamoon
Member Author

shamoon commented Feb 16, 2024

Thanks for the help with testing, stumpy!

@shamoon shamoon merged commit f1049cf into dev Feb 16, 2024
30 checks passed
@shamoon shamoon deleted the fix-5780 branch February 16, 2024 00:37
@shamoon shamoon added this to the v2.5.3 milestone Feb 16, 2024
Contributor

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new discussion or issue for related concerns. See our contributing guidelines for more details.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 18, 2024
Labels
backend bug Bug report or a Bug-fix non-trivial Requires approval by several team members
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

[Security] Open Redirect on Login page
2 participants