LP#1908576: Restrict login redirection
author Mike Rylander <mrylander@gmail.com>
Thu, 1 Dec 2022 19:13:35 +0000 (14:13 -0500)
committer Jason Boyer <JBoyer@equinoxOLI.org>
Wed, 17 May 2023 20:00:58 +0000 (16:00 -0400)
commit 8b611110df540fd86d87d4f160bd5b9f6d44c8d6
tree 07e8a3f1f96b9becb86f7860dd8c1bc1171f2368
parent 7bab49aaedcf18ac87c6fe2465d0a3c78cd220b1
LP#1908576: Restrict login redirection

This commit implements a new global flag: opac.login_redirect_domains.
When this flag is enabled, redirection from login via redirect_to will
be restricted to local URLs.  For local URLs, they must either start
with a / (provide an absolute path) or the hostname in the URL must
match the current hostname and have a scheme of http, https, ftp, or
ftps.

The value for the global flag can be set to a list of comma-separated
domain names.  Redirection to these domains, and subdomains/hosts
thereof, will also be allowed.  For all non-local URLs allowed by the
global flag value, the scheme must be one of http, https, ftp, or ftps.

Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
Open-ILS/src/sql/Pg/950.data.seed-values.sql
Open-ILS/src/sql/Pg/upgrade/XXXX.data.login_redirect_regexp.sql [new file with mode: 0644]
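The allowlist rule the commit message describes, written out as an added Python example; this is not the Evergreen change itself (the real check lives in Perl in EGCatLoader.pm) and it does not reproduce that code. It assumes current_host is the bare hostname of the request and that the flag value is the raw comma-separated string; it additionally rejects a "local" path whose second character is / or \, which is stricter than the message states, because browsers read such paths as a host.

```python
from urllib.parse import urlparse

# Schemes the commit message permits for any non-relative redirect target.
ALLOWED_SCHEMES = {"http", "https", "ftp", "ftps"}


def parse_redirect_domains(flag_value):
    """Split the opac.login_redirect_domains value into normalized domains.

    Entries are trimmed, lower-cased and stripped of a trailing dot so that
    host comparison below is exact. An unset flag yields an empty list.
    """
    return [d.strip().lower().rstrip(".")
            for d in (flag_value or "").split(",") if d.strip()]


def _host_in_domain(host, domain):
    """True when host is the domain itself or a subdomain/host under it."""
    return host == domain or host.endswith("." + domain)


def redirect_allowed(url, current_host, allowed_domains=()):
    """Decide whether a redirect_to value may be followed after login.

    Local targets: an absolute path ("/...") is allowed. A URL whose host is
    the current host is allowed if its scheme is in ALLOWED_SCHEMES.
    Non-local targets: allowed only when the host is one of the flag's
    domains (or under one of them) and the scheme is in ALLOWED_SCHEMES.
    """
    if not url:
        return False
    parsed = urlparse(url)

    # Relative reference (no scheme, no authority): must be an absolute path.
    # "//host/x" parses with a netloc, so it never reaches this branch; the
    # extra check on the second character covers "/\host" (assumption: a
    # stricter reading than the commit message's "start with a /").
    if parsed.scheme == "" and parsed.netloc == "":
        path = parsed.path
        return path.startswith("/") and not path.startswith(("//", "/\\"))

    # Every absolute URL, local host or not, needs an approved scheme.
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False

    # .hostname strips userinfo and port and lower-cases, so
    # "https://current@other/" compares as host "other", not "current".
    host = parsed.hostname
    if host is None:
        return False
    host = host.rstrip(".")

    if host == current_host.lower().rstrip("."):
        return True
    return any(_host_in_domain(host, d) for d in allowed_domains)
```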