oauth2-proxy/testdata
wucm667 1d218cd6c9
fix: allow https:// in query params while still blocking open redirects

The invalidRedirectRegex was checking the entire redirect string including
query parameters, causing ADFS error callbacks to be rejected when
error_description contains URLs (e.g., https://docs.microsoft.com/...).

Fix: Only check the path portion against the regex. Additionally, check
common redirect-related query parameters (url, next, redirect, etc.)
for open redirect patterns, but allow other params like error_description
to contain URLs.

Fixes #3404

Signed-off-by: wucm667 <stevenwucongmin@gmail.com>
2026-06-09 12:25:52 +02:00
openredirects.txt fix: allow https:// in query params while still blocking open redirects 2026-06-09 12:25:52 +02:00