Validate state param while redirecting

This commit is contained in:
Pranay Kanwar 2016-01-19 13:14:16 +05:30
parent 613a342115
commit f957a1e435

View File

@ -476,7 +476,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
}
redirect := req.Form.Get("state")
if redirect == "" {
if !strings.HasPrefix(redirect, "/") {
redirect = "/"
}