From f957a1e4356aa41dba12b21cc174cf90ad77719e Mon Sep 17 00:00:00 2001
From: Pranay Kanwar
Date: Tue, 19 Jan 2016 13:14:16 +0530
Subject: [PATCH] Validate state param while redirecting
---
 oauthproxy.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/oauthproxy.go b/oauthproxy.go
index dd69d6a..16adf22 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -476,7 +476,7 @@ func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
 }
 redirect := req.Form.Get("state")
- if redirect == "" {
+ if !strings.HasPrefix(redirect, "/") {
 redirect = "/"
 }
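Review bot: The new guard `strings.HasPrefix(redirect, "/")` still accepts values that begin with `//` or `/\`, which browsers resolve as scheme-relative URLs on another host, so the `state` value read from the callback request can still send the user off-site after login. Tighten the condition to `if !strings.HasPrefix(redirect, "/") || strings.HasPrefix(redirect, "//") || strings.HasPrefix(redirect, "/\\") {` and put a comment above it such as `// only same-origin paths are accepted as the post-login redirect`. The diffstat shows a single changed line, so `strings` is presumably already imported in oauthproxy.go; that is worth confirming with a build. OAuthCallback starts and ends outside this hunk, so how `redirect` is finally used is not visible here.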