Re: [PATCH] Mitigating "Covert Redirect"
Dne 3.5.2014 04:28, Ralph Bean napsal(a):
As a workaround, I've attached a second patch that tells copr to
just ignore
the 'next' parameter and redirect always back to the copr root url. This
second workaround patch is applied as a 'hotfix' in ansible and deployed to the
copr cloud node.
- return flask.redirect(oid.get_next_url())
+ return flask.redirect(flask.request.url_root)
Is it not possible to check if oid.get_next_url() starts with '/' and
use it only then?
if oid.get_next_url().starstwith('/'):
return flask.redirect(oid.get_next_url())
else:
return flask.redirect(flask.request.url_root)
If oid.get_next_url() is an absolute URL (as it sounds to me) the check
might be a bit more complex (i.e. allow both http and https and both
copr-fe.cloud.fedoraproject.org and copr.fedoraproject.org).
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok