LP#1908576: Restrict login redirection
author:    Mike Rylander <mrylander@gmail.com>
           Thu, 1 Dec 2022 19:13:35 +0000 (14:13 -0500)
committer: Jason Boyer <JBoyer@equinoxOLI.org>
           Wed, 17 May 2023 20:28:37 +0000 (16:28 -0400)
commit:    dcc7ab90d372dfefd1c33202400b0a0b5433bc7b
tree:      9c3b4a0e9f7f5b41fefb3e55ec8914c6b556ee55
parent:    bbb1539ba722bb16b380ceef8915ddbc8ff01a6f
LP#1908576: Restrict login redirection

This commit implements a new global flag: opac.login_redirect_domains
When this flag is enabled, redirection from login via redirect_to will
be restricted to local URLs.  For local URLs, they must either start
with a / (provide an absolute path) or the hostname in the URL must
match the current hostname and have a scheme of http, https, ftp, or
ftps.

The value for the global flag can be set to a list of comma-separated
domain names.  Redirection to these domains, and subdomains/hosts
thereof, will also be allowed.  For all non-local URLs allowed by the
global flag value, the scheme must be one of http, https, ftp, or ftps.

Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
Open-ILS/src/sql/Pg/950.data.seed-values.sql
Open-ILS/src/sql/Pg/upgrade/XXXX.data.login_redirect_regexp.sql [new file with mode: 0644]
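The redirect allowlist described in the commit message, written out as an added Python example. This is not the project's Perl implementation in EGCatLoader.pm and not a transcription of it; it only follows the rules the message states (absolute path, or same host / listed domain and subdomains with an http, https, ftp or ftps scheme). Names such as `is_allowed_redirect`, `choose_redirect`, the `current_host` value and all sample URLs are assumptions constructed for the example. One deliberate tightening beyond the message: a target starting with `//` (scheme-relative) or `/\` is treated as non-local, because browsers resolve it against another host even though it "starts with a /".

```python
from urllib.parse import urlsplit

# Schemes the commit message permits for non-path redirect targets.
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp", "ftps"})


def parse_allowed_domains(flag_value):
    """Parse the comma-separated domain list that the global flag holds.

    Entries are lowercased and a leading dot is dropped so that both
    "partner.example" and ".partner.example" mean the same thing.
    """
    return [
        d.strip().lower().lstrip(".")
        for d in (flag_value or "").split(",")
        if d.strip()
    ]


def host_matches(host, domain):
    """True if host is the domain itself or a host/subdomain under it.

    The dot boundary matters: "notpartner.example" must not match
    "partner.example".
    """
    return host == domain or host.endswith("." + domain)


def is_allowed_redirect(redirect_to, current_host, allowed_domains=()):
    """Decide whether redirect_to may be used as a post-login redirect."""
    if not redirect_to:
        return False

    # Rule 1: a local absolute path.  Assumption in this example: a
    # scheme-relative "//host/..." (or "/\host") is NOT local, since the
    # browser would send the user to that other host.
    if redirect_to.startswith("/"):
        return not redirect_to.startswith(("//", "/\\"))

    # Rule 2: a full URL.  Parse it rather than string-matching so that
    # userinfo tricks such as "https://good.example@evil.example/" are
    # judged by the real host.
    try:
        parts = urlsplit(redirect_to)
    except ValueError:  # e.g. malformed IPv6 literal in the netloc
        return False

    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = parts.hostname  # lowercased; userinfo and port removed
    if not host:  # "http:evil.example" has a scheme but no host
        return False

    if host == current_host.lower():
        return True
    return any(host_matches(host, d) for d in allowed_domains)


def choose_redirect(redirect_to, current_host, flag_value, fallback="/"):
    """Return redirect_to if it passes the check, else a safe fallback.

    Falling back to "/" is this example's choice, not a statement about
    what the project does with a rejected target.
    """
    domains = parse_allowed_domains(flag_value)
    if is_allowed_redirect(redirect_to, current_host, domains):
        return redirect_to
    return fallback


if __name__ == "__main__":
    # Constructed sample inputs, not real configuration.
    host = "catalog.example.org"
    flag = "partner.example, .other.example"
    for target in [
        "/eg/opac/myopac/main",
        "//evil.example/phish",
        "https://catalog.example.org/eg/opac/home",
        "https://catalog.example.org@evil.example/",
        "https://www.partner.example/sso/done",
        "https://partner.example.evil/",
        "javascript:alert(1)",
    ]:
        print(f"{target!r:50} -> {choose_redirect(target, host, flag)!r}")
```

The parse-first approach is the important design choice: checking `startswith(current_host)` or a loose regex over the raw string is exactly what lets `https://catalog.example.org@evil.example/` or `https://catalog.example.org.evil.example/` slip through, whereas comparing `urlsplit(...).hostname` against the allowlist judges the host the browser will actually connect to.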