Validate state param while redirecting

2016-01-19 13:14:16 +05:30 · 2016-01-19 13:14:16 +05:30 · f957a1e435
commit f957a1e435
parent 613a342115
1 changed files with 1 additions and 1 deletions
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -476,7 +476,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
 	}

 	redirect := req.Form.Get("state")
-	if redirect == "" {
+	if !strings.HasPrefix(redirect, "/") {
 		redirect = "/"
 	}