252467100f
Make sure the "next" URL is in the same origin as Horizon before redirecting to it. Change-Id: I06b2bfc8e3638591615547780c3fa34b0abe19f6 Closes-bug: #1865026
8 lines
283 B
YAML
8 lines
283 B
YAML
---
|
|
security:
|
|
- |
|
|
An open redirect has been fixed, that could redirect users to arbitrary
|
|
addresses from certain views by specifying a "next" parameter in the URL.
|
|
Now the redirect will only work if the target URL is in the same domain,
|
|
and uses the same protocol.
|