feat(authn-oidc): use relative redirection to prevent internal/public host mixing
parent
d5c846a9ce
commit
3e5dd446cb
@ -2,6 +2,7 @@ package oidc
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
@ -74,7 +75,7 @@ func (c *Client) login(w http.ResponseWriter, r *http.Request, sess *sessions.Se
|
||||
|
||||
sess.Values[sessionKeyLoginState] = state
|
||||
sess.Values[sessionKeyLoginNonce] = nonce
|
||||
sess.Values[sessionKeyPostLoginRedirectURL] = originalURL.String()
|
||||
sess.Values[sessionKeyPostLoginRedirectURL] = fmt.Sprintf("%s?%s", originalURL.Path, originalURL.Query().Encode())
|
||||
|
||||
if err := sess.Save(r, w); err != nil {
|
||||
logger.Error(ctx, "could not save session", logger.E(errors.WithStack(err)))
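Review bot: The new redirect value built with `fmt.Sprintf("%s?%s", originalURL.Path, ...)` is not guaranteed to stay on the local origin: a `Path` that begins with `//` (or `/\`, which browsers normalise to `//`) yields a protocol-relative `Location` such as `//other-host/…`, which is exactly the host mixing this commit sets out to prevent, and whether that can occur depends on how `originalURL` is built, which happens before this hunk. Two smaller defects in the same line: an empty query leaves a dangling `?`, and the decoded `Path` is used instead of its escaped form, so a percent-encoded `?`, `#` or `/` inside a segment changes meaning once the string is re-parsed. Building a `url.URL` from `Path` and `RawQuery` and calling `String()` fixes the encoding and the trailing `?`, and an explicit prefix check (with `strings` already imported) keeps the stored target path-only. `login` starts before this hunk and continues after it.
```go
redirect := url.URL{Path: originalURL.Path, RawQuery: originalURL.RawQuery}
// A "//host" or "/\host" path would be sent as a protocol-relative Location
// and leave this origin; only a plain absolute path is stored.
if !strings.HasPrefix(redirect.Path, "/") || strings.HasPrefix(redirect.Path, "//") || strings.HasPrefix(redirect.Path, `/\`) {
	redirect.Path = "/"
}
sess.Values[sessionKeyPostLoginRedirectURL] = redirect.String()
// … unchanged: sess.Save and error logging …
```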
|
||||
|