You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 20, 2023. It is now read-only.
Currently we don't protect against forwarding to remote
url, so things like:
https://<bmc-address>/#/login?next=http:%2F%2Fyahoo.com
can be used to forward an unsuspecting user to a different
url. This fixes that issue.
Tested: Local redirects still work, above link does not
Closesopenbmc#109
Change-Id: I4d6c52880156802860f405af43037fb84235912f
Signed-off-by: James Feist <james.feist@linux.intel.com>
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
phosphor-webui/app/login/controllers/login-controller.js
Line 46 in c652ed1
This can be used to redirect a user anywhere given a bad link, should check first that redirect is local to current host.
The text was updated successfully, but these errors were encountered: