This repository was archived by the owner on Jan 24, 2019. It is now read-only.

Allow redirect URL to be passed in the query string. #427

Open
johnbelamaric wants to merge 1 commit into bitly:master from johnbelamaric:allow-rd-in-querystring

Conversation

@johnbelamaric


When using the Kubernetes nginx ingress controller, the sign_in page is reached via a 302 redirect, which means that we cannot use the X-Auth-Request-Redirect header. Instead, we need to be able to include the URL in the query string.

@aledbf

aledbf commented Aug 17, 2017


Any update on this?

@ploxiln

ploxiln commented Aug 17, 2017

Contributor
  • your kubernetes thing could just 302 redirect to .../oauth2/start?rd=... instead
  • if you really want this here, you should use GetRedirect() here (it does a bit more to prevent "open-redirects")

@aledbf

aledbf commented Aug 17, 2017


@ploxiln is a redirect to a different host possible?

@ploxiln

ploxiln commented Aug 17, 2017

Contributor

see #399

@aledbf

aledbf commented Aug 17, 2017


@ploxiln ok, so the recommendation is to not allow "external" redirects, or is adding the whitelist domain flag ok?

@ploxiln

ploxiln commented Aug 17, 2017

Contributor

A domain whitelist feature would be as good as the current status-quo from a security/phishing perspective. It's just an arbitrary (completely unrestricted) redirect domain which is problematic.
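
One way to check an `rd` value taken from the query string against a domain whitelist, as discussed in this thread. This is an added example, not oauth2_proxy's code or its `GetRedirect()`; `validRedirect`, `redirectFromQuery` and the whitelist entries are hypothetical names and constructed values.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// validRedirect reports whether rd is safe to send a browser to after sign-in.
// allowed is a hypothetical whitelist: "a.com" is exact, ".a.com" is any subdomain.
func validRedirect(rd string, allowed []string) bool {
	// Backslashes and control characters are normalised by browsers in ways
	// url.Parse does not model, so refuse them outright.
	if rd == "" || strings.ContainsAny(rd, "\\\r\n\t") {
		return false
	}
	// Same-site path: "/x" is fine, "//host" is a scheme-relative URL.
	if strings.HasPrefix(rd, "/") {
		return !strings.HasPrefix(rd, "//")
	}
	u, err := url.Parse(rd)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return false
	}
	host := strings.ToLower(u.Hostname()) // drops userinfo and port
	for _, d := range allowed {
		d = strings.ToLower(d)
		if host == d || (strings.HasPrefix(d, ".") && strings.HasSuffix(host, d)) {
			return true
		}
	}
	return false
}

// redirectFromQuery pulls rd out of a raw query string and falls back to "/".
func redirectFromQuery(rawQuery string, allowed []string) string {
	q, err := url.ParseQuery(rawQuery)
	if err != nil || !validRedirect(q.Get("rd"), allowed) {
		return "/"
	}
	return q.Get("rd")
}

func main() {
	allowed := []string{"app.example.com", ".internal.example.com"} // constructed
	for _, q := range []string{"rd=%2Fdashboard", "rd=%2F%2Fevil.test%2F", "rd=https%3A%2F%2Fevil.test%2F"} {
		fmt.Printf("%-35s -> %s\n", q, redirectFromQuery(q, allowed))
	}
}
```

Matching on the parsed hostname rather than on a string prefix is what keeps values such as `https://app.example.com@evil.test/` or `https://app.example.com.evil.test/` from passing.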


3 participants