Commit graph

4 commits

Author SHA1 Message Date
Bob Van Landuyt
39916fdfed Reuses InternalRedirect when possible
`InternalRedirect` prevents open redirect issues by only allowing
redirection to paths on the same host.

It cleans up any unwanted strings from the path that could point to
another host (e.g. //about.gitlab.com/hello), while preserving the
query string and fragment of the URI.

It is already used by:

- `TermsController`
- `ContinueParams`
  - `ImportsController`
  - `ForksController`
- `SessionsController`: Only for verifying the host in CE. EE allows
   redirecting to a different instance using Geo.
2018-05-04 13:54:43 +02:00
Sean McGivern
d687f6436a Merge branch 'open-redirect-fix-continue-to' into 'security'
Fix for open redirect vuln involving continue[to] params

See merge request !2083
2017-04-05 21:07:26 -07:00
Zeger-Jan van de Weg
5352ec2e21 Fix denting and spec
2016-03-13 13:44:31 +01:00
Zeger-Jan van de Weg
dfb96ed84b ContinueToParams -> ContinueParams
2016-03-13 13:13:19 +01:00
Renamed from app/controllers/concerns/continue_to_params.rb