fix minor potential security issues with OIDC

This commit is contained in:
Alisdair MacLeod
2026-02-04 12:25:19 +00:00
parent a89bb807a6
commit a0005a604e
3 changed files with 35 additions and 34 deletions


@@ -72,6 +72,9 @@ func (h *AuthCallbackHandler) handleCallback(w http.ResponseWriter, r *http.Requ
}
redirectURL.RawQuery = redirectQuery.Encode()
log.WithField("redirect", redirectURL).Debug("OAuth callback: redirecting user with token")
// Redirect must be HTTPS, regardless of what was originally intended (which should always be HTTPS but better to double-check here).
redirectURL.Scheme = "https"
log.WithField("redirect", redirectURL.String()).Debug("OAuth callback: redirecting user with token")
http.Redirect(w, r, redirectURL.String(), http.StatusFound)
}
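Review bot: The Debug log on the line after the scheme override writes `redirectURL.String()`, which still carries `redirectQuery` — the same query the log message itself says holds the token — so the bearer credential lands in the debug log in clear. Log a copy with the query stripped instead, e.g. `logURL := *redirectURL; logURL.RawQuery = ""` and `log.WithField("redirect", logURL.String()).Debug("OAuth callback: redirecting user with token")`; the earlier log line with the un-stringified `redirectURL` appears to do the same and, if it survives on the new side, is also redundant with this one. Forcing `Scheme = "https"` only fixes the transport; it does not constrain `redirectURL.Host`, so if the host is not validated against an allow-list earlier in handleCallback (not visible here), that check is still worth adding. handleCallback's body begins outside the hunk.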