To redirect the user after authentication, Authelia uses the rd query parameter provided by the proxy. However, an attacker could use phishing to get the user redirected to a bad domain. To prevent the user from being redirected to a bad location, Authelia now verifies that the redirection URL is under the protected domain.
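export class DomainExtractor {
  /**
   * Extracts the host name from a URL-like string.
   *
   * The accepted shape is an optional `http://`, `https://` or scheme-relative
   * `//` prefix, then a host made of letters, digits, `_`, `.` and `-`, then
   * an optional numeric port. The host (and port) must be followed directly by
   * `/`, `?`, `#` or the end of the string.
   *
   * The match is anchored at the start of the input and strict about what
   * follows the host because the value being parsed is a redirection target
   * that can be attacker-influenced. A lenient "first host-looking substring"
   * match can report a different host than the one a browser would navigate
   * to, for example when a userinfo part (`user@host`) or another scheme
   * precedes the real host. Such inputs yield `undefined` instead of a guess.
   *
   * This is a syntactic extraction only. Deciding whether the returned host
   * belongs to the protected domain is left to the caller, which is not
   * visible in this file. NOTE(review): confirm the caller treats `undefined`
   * as "do not redirect". IPv6 literals and non-ASCII hosts are not
   * recognised and also yield `undefined`.
   *
   * @param url URL or bare host to inspect; an empty value yields `undefined`.
   * @returns The host name without scheme, port or path, or `undefined` when
   *   the input does not have the accepted shape.
   */
  static fromUrl(url: string): string {
    if (!url) return;

    const matches = url.match(
      /^(?:(?:https?:)?\/\/)?([a-z0-9_.-]+)(?::\d+)?(?=[\/?#]|$)/i
    );

    // String.prototype.match returns null when nothing matches (for example
    // "/" or "://"), so it must be checked before indexing into the result.
    if (!matches) return;

    return matches[1];
  }
}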