Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bypass trusted domain check when using redirect API #14

Closed
surli opened this issue Apr 20, 2021 · 1 comment
Closed

Bypass trusted domain check when using redirect API #14

surli opened this issue Apr 20, 2021 · 1 comment

Comments

@surli
Copy link

surli commented Apr 20, 2021

XWiki 13.3RC1 and 12.10.7 introduced a security mechanism to avoid redirecting users to untrusted domains. Extension which uses this API can still bypass the check by setting bypassDomainSecurityCheck to true in the execution context before using the redirect API, to avoid problems if administrators don't properly set it up.

@polx
Copy link

polx commented May 4, 2021

Fixed in here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants