old-git.evergreen-ils.org Git - evergreen/pines.git/commit

author	Mike Rylander <mrylander@gmail.com>
	Thu, 1 Dec 2022 19:13:35 +0000 (14:13 -0500)
committer	Jason Boyer <JBoyer@equinoxOLI.org>
	Wed, 17 May 2023 14:25:31 +0000 (10:25 -0400)
commit	27c128984a6ffe528117dfabdf456f43d6c7e096
tree	fb29d9e1a0a9a6dae48ff35cda0c3985e2002881	tree
parent	3d3621cef02b046b6bb4d93b76c6fed1b59e2aec	commit \| diff

LP#1908576: Restrict login redirection

This commit implements a new global flag: opac.login_redirect_domains
When this flag is enabled, redirection from login via redirect_to will
be restricted to local URLs.  For local URLs, they must either start
with a / (provide an absolute path) or the hostname in the URL must
match the current hostname and have a scheme of http, https, ftp, or
ftps.

The value for the global flag can be set to a list of comma-separated
domain names.  Redirection to these domains, and subdomains/hosts
thereof, will also be allowed.  For all non-local URLs allowed by the
global flag value, the scheme must be one of http, https, ftp, or ftps.

Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>

Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm		diff \| blob \| history
Open-ILS/src/sql/Pg/950.data.seed-values.sql		diff \| blob \| history
Open-ILS/src/sql/Pg/upgrade/XXXX.data.login_redirect_regexp.sql	[new file with mode: 0644]	blob