Block forwarding to non-local url

Currently we don't protect against forwarding to remote url, so things like: https://<bmc-address>/#/login?next=http:%2F%2Fyahoo.com can be used to forward an unsuspecting user to a different url. This fixes that issue. Tested: Local redirects still work, above link does not Closes openbmc#109 Change-Id: I4d6c52880156802860f405af43037fb84235912f Signed-off-by: James Feist <james.feist@linux.intel.com>
Intel-BMC · Feb 10, 2020 · 3e1cd51 · 3e1cd51
1 parent d1c6ba4
commit 3e1cd51
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/app/login/controllers/login-controller.js b/app/login/controllers/login-controller.js
@@ -40,7 +40,9 @@ window.angular && (function(angular) {
             if (status) {
               $scope.$emit('user-logged-in', {});
               var next = $location.search().next;
-              if (next === undefined || next == null) {
+              // don't allow forwarding to non-local urls
+              if (next === undefined || next == null ||
+                  next.indexOf('//') >= 0) {
                 $window.location.hash = '#/overview/server';
               } else {
                 $window.location.href = next;