public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
oauth2-proxy/pkg
History
wucm667 1d218cd6c9
fix: allow https:// in query params while still blocking open redirects 
The invalidRedirectRegex was checking the entire redirect string including
query parameters, causing ADFS error callbacks to be rejected when
error_description contains URLs (e.g., https://docs.microsoft.com/...).

Fix: Only check the path portion against the regex. Additionally, check
common redirect-related query parameters (url, next, redirect, etc.)
for open redirect patterns, but allow other params like error_description
to contain URLs.

Fixes #3404

Signed-off-by: wucm667 <stevenwucongmin@gmail.com>
 		2026-06-09 12:25:52 +02:00
..
apis chore(goconsts): use proper constants for http methods 2026-06-08 12:54:58 +02:00
app fix: allow https:// in query params while still blocking open redirects 2026-06-09 12:25:52 +02:00
authentication chore(goconsts): use proper constants for http methods 2026-06-08 12:54:58 +02:00
cookies Merge commit from fork 2026-04-13 18:22:56 +02:00
encryption fix alpha config 2025-11-16 22:38:40 +01:00
header revert: secrets as []byte instead of string 2025-11-16 22:38:42 +01:00
ip Merge commit from fork 2026-04-13 18:22:56 +02:00
logger Request ID Logging (#1087) 2021-03-21 18:20:57 +00:00
middleware Merge commit from fork 2026-04-13 18:22:56 +02:00
providers feat: add support for specifying allowed OIDC JWT signing algorithms (#2753) (#2851) 2026-03-18 22:24:27 +08:00
proxyhttp feat: add support for setting a unix binding's socket file mode (#3376) 2026-03-19 00:08:50 +08:00
requests chore(goconsts): use proper constants for http methods 2026-06-08 12:54:58 +02:00
sessions feat: add same site option for csrf cookies (#3347) 2026-03-18 23:14:36 +08:00
upstream chore(deps): bump Go to 1.26 and migrate upstream reverse proxies to Rewrite 2026-06-08 14:12:56 +02:00
util feat: allow arbitrary claims from the IDToken and IdentityProvider UserInfo endpoint to be added to the session state (#2685) 2026-03-14 12:04:33 +08:00
validation chore(deps): bump Go to 1.26 and migrate upstream reverse proxies to Rewrite 2026-06-08 14:12:56 +02:00
version feat: Replace default Go user-agent with oauth2-proxy and version (#2570) 2024-07-14 21:09:17 +01:00
watcher Fix Linting Errors (#1835) 2022-10-21 11:57:51 +01:00