oauth2-proxy/pkg/app/redirect
wucm667 1d218cd6c9
fix: allow https:// in query params while still blocking open redirects

The invalidRedirectRegex was checking the entire redirect string including
query parameters, causing ADFS error callbacks to be rejected when
error_description contains URLs (e.g., https://docs.microsoft.com/...).

Fix: Only check the path portion against the regex. Additionally, check
common redirect-related query parameters (url, next, redirect, etc.)
for open redirect patterns, but allow other params like error_description
to contain URLs.

Fixes #3404

Signed-off-by: wucm667 <stevenwucongmin@gmail.com>
2026-06-09 12:25:52 +02:00
director.go Create AppDirector for getting the application redirect URL 2021-06-19 11:23:32 +01:00
director_test.go Merge commit from fork 2026-04-13 18:22:56 +02:00
getters.go Create AppDirector for getting the application redirect URL 2021-06-19 11:23:32 +01:00
pagewriter_suite_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
validator.go fix: allow https:// in query params while still blocking open redirects 2026-06-09 12:25:52 +02:00
validator_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00