phosphor-webui - OpenBMC Phosphor WebUI sources

diff options

author	James Feist <james.feist@linux.intel.com>	2020-02-10 09:25:07 -0800
committer	Gunnar Mills <gmills@us.ibm.com>	2020-02-11 16:43:02 +0000
commit	b0a0847a8eb02ae21f755942799a81c6e3475e64 (patch)
tree	11308d08bd2e0ad95d47fd8ffbad934fc2e58375 /app/common/directives/app-header.html
parent	425ed044e9422ad17e8d1924387620cd3d925f37 (diff)
download	phosphor-webui-b0a0847a8eb02ae21f755942799a81c6e3475e64.tar.gz phosphor-webui-b0a0847a8eb02ae21f755942799a81c6e3475e64.zip

Block forwarding to non-local url

Currently we don't protect against forwarding to remote url, so things like: https://<bmc-address>/#/login?next=http:%2F%2Fyahoo.com can be used to forward an unsuspecting user to a different url. This fixes that issue. Tested: Local redirects still work, above link does not Closes #109 Change-Id: I4d6c52880156802860f405af43037fb84235912f Signed-off-by: James Feist <james.feist@linux.intel.com>

Diffstat (limited to 'app/common/directives/app-header.html')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: