Skip to content
This repository has been archived by the owner on Jan 24, 2021. It is now read-only.

Open redirect in UserLoggedInRedirectResponse #893

Closed
logicbomb opened this issue Jan 7, 2013 · 3 comments
Closed

Open redirect in UserLoggedInRedirectResponse #893

logicbomb opened this issue Jan 7, 2013 · 3 comments
Labels
Breaking Change Bug
Milestone
0.15.1

Comments

@logicbomb
Copy link
Contributor

https://github.com/NancyFx/Nancy/blob/master/src/Nancy.Authentication.Forms/FormsAuthentication.cs#L81

The method will redirect to a URL even if it isn't local in Nancy.Authentication.Forms.FormsAuthentication.UserLoggedInRedirectResponse
grumpydev added a commit that referenced this issue Jan 8, 2013
@grumpydev
Merge pull request #895 from grumpydev/OpenRedirect-893
7b3a639 
Local url validation and forms auth fix to fix #893
@grumpydev
Copy link
Member

@logicbomb this should now be fixed in master if you can give it a whirl?

@logicbomb
Copy link
Contributor Author

This did the trick, the redirect works as expected.

@grumpydev
Copy link
Member

@logicbomb thanks for checking it .. I've just pushed 0.15.1 to nuget with this fix in

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Breaking Change Bug
Projects
None yet
Milestone
0.15.1
Development

No branches or pull requests
2 participants
@logicbomb @grumpydev