LP#1908576: Restrict login redirection
author Mike Rylander <mrylander@gmail.com>
Thu, 1 Dec 2022 19:13:35 +0000 (14:13 -0500)
committer Jason Stephenson <jason@sigio.com>
Wed, 17 May 2023 19:46:34 +0000 (15:46 -0400)
commit 14894cf43e604eae49be05f653c9686684c2ec3c
tree ffc5f4176ba0f743411464497bbede034a5db498
parent a7e28c629f39ab6b17bf3cbe84a285070ff1407b
LP#1908576: Restrict login redirection

This commit implements a new global flag: opac.login_redirect_domains
When this flag is enabled, redirection from login via redirect_to will
be restricted to local URLs.  Local URLs must either start with a /
(provide an absolute path), or the hostname in the URL must match the
current hostname and have a scheme of http, https, ftp, or ftps.

The value for the global flag can be set to a list of comma-separated
domain names.  Redirection to these domains, and subdomains/hosts
thereof, will also be allowed.  For all non-local URLs allowed by the
global flag value, the scheme must be one of http, https, ftp, or ftps.

Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
Open-ILS/src/sql/Pg/950.data.seed-values.sql
Open-ILS/src/sql/Pg/upgrade/XXXX.data.login_redirect_regexp.sql [new file with mode: 0644]
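The policy described in the commit message, written out as an added example in Python. This is not Evergreen's code (the real check lives in the Perl module EGCatLoader.pm and is not reproduced here); the function and variable names, the sample hostnames, and the test inputs are all constructed for illustration. Two details go slightly beyond the commit message and are the example's own choices: a redirect_to that starts with "/" is additionally rejected when it starts with "//" or "/\" (browsers treat both as scheme-relative, so such a value starts with a slash yet leaves the site), and domain matching requires a "." boundary so that an allowlisted example.org matches lib.example.org but not notexample.org.

```python
from urllib.parse import urlsplit

# Schemes the commit message permits for any non-path redirect target.
ALLOWED_SCHEMES = {"http", "https", "ftp", "ftps"}


def parse_allowed_domains(flag_value):
    """Parse the comma-separated global-flag value into lowercase domains.

    The comma-separated format is the one the commit message describes;
    trimming whitespace and a trailing dot is this example's own choice.
    """
    return {
        d.strip().lower().rstrip(".")
        for d in flag_value.split(",")
        if d.strip()
    }


def host_matches(host, domain):
    """True if host is domain itself or a subdomain of it.

    The leading-dot check keeps 'notexample.org' from matching 'example.org'.
    """
    return host == domain or host.endswith("." + domain)


def is_safe_redirect(redirect_to, current_host, allowed_domains=frozenset()):
    """Decide whether redirect_to may be followed after login.

    Accepts: an absolute local path; a URL whose hostname equals the current
    hostname; or a URL whose hostname is an allowlisted domain or a subdomain
    of one.  Any URL form must use one of ALLOWED_SCHEMES.
    """
    if not redirect_to:
        return False

    if redirect_to.startswith("/"):
        # Absolute local path.  Reject the scheme-relative forms "//host"
        # and "/\host" (this rejection is an addition in this example).
        return not (redirect_to.startswith("//") or redirect_to.startswith("/\\"))

    parts = urlsplit(redirect_to)
    if parts.scheme not in ALLOWED_SCHEMES:  # urlsplit lowercases the scheme
        return False

    # .hostname is lowercased and has userinfo ("user@") and port stripped,
    # so "https://catalog.example.org@evil.example/" yields "evil.example".
    host = parts.hostname
    if not host:
        return False

    if host == current_host.lower():
        return True
    return any(host_matches(host, d) for d in allowed_domains)


# Constructed inputs, not real traffic: (redirect_to, expected decision).
CONSTRUCTED_CASES = [
    ("/eg/opac/myopac/main", True),
    ("//evil.example/", False),
    ("https://catalog.example.org/eg/opac/", True),
    ("https://catalog.example.org@evil.example/", False),
    ("https://lib.partner.edu/login", True),
    ("https://notpartner.edu/login", False),
    ("javascript:alert(1)", False),
]


def check_cases(current_host="catalog.example.org", flag_value="partner.edu"):
    """Run the constructed cases; return the list of (input, got, expected)."""
    allowed = parse_allowed_domains(flag_value)
    return [
        (url, is_safe_redirect(url, current_host, allowed), expected)
        for url, expected in CONSTRUCTED_CASES
    ]


if __name__ == "__main__":
    for url, got, expected in check_cases():
        mark = "ok " if got == expected else "BAD"
        print(f"{mark} {'allow' if got else 'deny '} {url}")
```

The two checks a reviewer would want to confirm in the real implementation are the ones the constructed cases exercise: that a value starting with "/" cannot be "//host", and that hostname comparison uses the parsed hostname rather than a substring match on the raw string, so userinfo tricks and look-alike domains are refused.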