Fix error in check for proxy scenario

main
Dimitri Huisman 2 years ago
parent 4912fa1dff
commit f20208fb4b
No known key found for this signature in database

@ -78,8 +78,8 @@ def logout():
Redirect to the url passed in parameter if any; Ensure that this is not an open-redirect too... Redirect to the url passed in parameter if any; Ensure that this is not an open-redirect too...
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
""" """
def _has_usable_redirect(): def _has_usable_redirect(is_proxied=False):
if 'homepage' in flask.request.url and not (flask.request.headers.get(app.config['PROXY_AUTH_HEADER']) and not 'noproxyauth'): if 'homepage' in flask.request.url and not is_proxied:
return None return None
if url := flask.request.args.get('url'): if url := flask.request.args.get('url'):
url = url_unquote(url) url = url_unquote(url)
@ -101,7 +101,7 @@ def _proxy():
if not email: if not email:
return flask.abort(500, 'No %s header' % app.config['PROXY_AUTH_HEADER']) return flask.abort(500, 'No %s header' % app.config['PROXY_AUTH_HEADER'])
url = _has_usable_redirect() or app.config['WEB_ADMIN'] url = _has_usable_redirect(True) or app.config['WEB_ADMIN']
user = models.User.get(email) user = models.User.get(email)
if user: if user:
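Review bot: The new call `_has_usable_redirect(True)` in `_proxy()` passes the flag positionally, and nothing in the helper says why a proxied request may skip the `'homepage'` guard. I would write the call as `url = _has_usable_redirect(is_proxied=True) or app.config['WEB_ADMIN']` and add a comment above the `if`, for example `# is_proxied: set by _proxy(), where the 'homepage' guard must not suppress the redirect`. With the guard skipped, open-redirect protection on the proxy path rests entirely on the checks that follow `url_unquote(url)`; those lie outside this hunk, so it is worth confirming they restrict the target to this host. Separately, `'homepage' in flask.request.url` is a substring test over the whole URL, query string included, so it can match on the value of the `url` argument rather than on the request path. If the path is what is meant, testing `flask.request.path` would be more precise.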
