authelia/shared
Clement Michaud 42581dfe93 Fix open redirection vulnerability.
In order to redirect the user after authentication, Authelia uses the
rd query parameter provided by the proxy. However, an attacker could
use phishing to make the user be redirected to a bad domain. In order
to prevent the user from being redirected to a bad location, Authelia now
verifies that the redirection URL is under the protected domain.
2018-11-17 17:48:20 +01:00
types Split client and server 2017-10-07 00:49:42 +02:00
api.ts Support 'redirect' in /api/verify endpoint to support Traefik 2017-12-04 22:52:33 +01:00
BelongToDomain.ts Fix open redirection vulnerability. 2018-11-17 17:48:20 +01:00
constants.ts Rename redirect query parameter into rd for compatibility with nginx-ingress 2018-04-24 23:03:09 +02:00
DomainExtractor.spec.ts Fix open redirection vulnerability. 2018-11-17 17:48:20 +01:00
DomainExtractor.ts Fix open redirection vulnerability. 2018-11-17 17:48:20 +01:00
ErrorMessage.ts Add default_redirection_url as configuration option 2017-10-31 07:27:23 +01:00
RedirectionMessage.ts Add default_redirection_url as configuration option 2017-10-31 07:27:23 +01:00
SignMessage.ts Split client and server 2017-10-07 00:49:42 +02:00
UserMessages.ts Fix open redirection vulnerability. 2018-11-17 17:48:20 +01:00