public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

allow redirects to whitelisted hosts with ports

This commit is contained in:
Kamal Nasser 2019-10-11 15:39:57 +03:00
parent 62bf233682
commit bfb22506ff
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oauthproxy.go
View File

@ -505,7 +505,7 @@ func (p *OAuthProxy) IsValidRedirect(redirect string) bool {
return false return false
} }
for _, domain := range p.whitelistDomains { for _, domain := range p.whitelistDomains {
if (redirectURL.Host == domain) || (strings.HasPrefix(domain, ".") && strings.HasSuffix(redirectURL.Host, domain)) { if (redirectURL.Hostname() == domain) || (strings.HasPrefix(domain, ".") && strings.HasSuffix(redirectURL.Hostname(), domain)) {
return true return true
} }
} }

6
oauthproxy_test.go
View File

@ -225,6 +225,12 @@ func TestIsValidRedirect(t *testing.T) {
invalidHTTPS2 := proxy.IsValidRedirect("https://evil.corp/redirect?rd=foo.bar") invalidHTTPS2 := proxy.IsValidRedirect("https://evil.corp/redirect?rd=foo.bar")
assert.Equal(t, false, invalidHTTPS2) assert.Equal(t, false, invalidHTTPS2)
validPort := proxy.IsValidRedirect("http://foo.bar:3838/redirect")
assert.Equal(t, true, validPort)
validPortSubdomain := proxy.IsValidRedirect("http://baz.bar.foo:3838/redirect")
assert.Equal(t, true, validPortSubdomain)
} }
type TestProvider struct { type TestProvider struct {