In order to redirect the user after authentication, Authelia uses the rd query parameter provided by the proxy. However, an attacker could use phishing to make the user be redirected to a malicious domain. To prevent the user from being redirected to a bad location, Authelia now verifies that the redirection URL is under the protected domain.
import { DomainExtractor } from "./DomainExtractor";
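/**
 * Checks whether the host of `url` is the protected `domain` itself or one of
 * its subdomains, so a post-authentication redirect cannot leave the protected
 * domain.
 *
 * The comparison is made on DNS label boundaries: `app.example.com` belongs to
 * `example.com`, but `evilexample.com` does not. A bare suffix/`indexOf` test
 * would accept the latter, and an `indexOf` result of -1 could even make an
 * unrelated host match when its length equals `domain.length - 1`.
 *
 * @param url - Redirection target supplied by the proxy; treated as untrusted.
 * @param domain - Protected domain the redirect must stay under (optionally
 *   written with a leading dot, e.g. `.example.com`).
 * @returns true when the URL's host equals `domain` or ends with `.domain`;
 *   false when no host can be extracted, `domain` is empty, or the host lies
 *   outside `domain`.
 */
export function BelongToDomain(url: string, domain: string): boolean {
  const urlDomain = DomainExtractor.fromUrl(url);
  // No extractable host (malformed or relative URL): never treat as belonging.
  if (!urlDomain) return false;

  // Hostnames are case-insensitive, so compare on a common case.
  const host = urlDomain.toLowerCase();
  // Accept a cookie-style leading dot on the configured domain.
  const base = (domain.startsWith(".") ? domain.slice(1) : domain).toLowerCase();
  // An empty protected domain would otherwise match every host.
  if (base.length === 0) return false;

  // Exact match, or a subdomain separated by a full label boundary.
  return host === base || host.endsWith("." + base);
}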