Add logging in case of invalid redirects (#471)

* Add logging in case of invalid redirects

* update changelog

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Phil Taprogge 2020-04-02 09:51:38 +01:00 committed by GitHub
parent eb31850470
commit 3f7837b955
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 0 deletions


@ -19,6 +19,7 @@
- Release images moved to `quay.io/oauth2-proxy/oauth2-proxy`
- Binaries renamed from `oauth2_proxy` to `oauth2-proxy`
- [#432](https://github.com/oauth2-proxy/oauth2-proxy/pull/432) Update ruby dependencies for documentation (@theobarberbany)
- [#471](https://github.com/oauth2-proxy/oauth2-proxy/pull/471) Add logging in case of invalid redirects (@gargath)
# v5.1.0


@ -576,6 +576,7 @@ func (p *OAuthProxy) IsValidRedirect(redirect string) bool {
case strings.HasPrefix(redirect, "http://") || strings.HasPrefix(redirect, "https://"):
redirectURL, err := url.Parse(redirect)
if err != nil {
logger.Printf("Rejecting invalid redirect %q: scheme unsupported or missing", redirect)
return false
}
redirectHostname := redirectURL.Hostname()
@ -600,8 +601,10 @@ func (p *OAuthProxy) IsValidRedirect(redirect string) bool {
}
}
logger.Printf("Rejecting invalid redirect %q: domain / port not in whitelist", redirect)
return false
default:
logger.Printf("Rejecting invalid redirect %q: not an absolute or relative URL", redirect)
return false
}
}
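Review bot: The message added under `if err != nil` in the first hunk reports "scheme unsupported or missing", but that branch is only reached after the `http://` / `https://` prefix check has passed, so the actual cause is a `url.Parse` failure and `err` is discarded. Someone triaging rejected redirects from these logs would be pointed at the wrong cause; I would write `logger.Printf("Rejecting invalid redirect %q: unable to parse URL: %v", redirect, err)`. Using `%q` on all three new lines is a good choice, since the value appears to come from the request and quoting keeps control characters from forging log lines. The full value is still logged at whatever length was supplied, query string included, so consider truncating it before logging. The body of `IsValidRedirect` starts outside these hunks, so the earlier cases are not visible here.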