Commit b87a8641 authored by Gandalf

fix: Add redirect URL validation to OIDC flow

Add defense-in-depth validation for redirect URLs in the OIDC login
and consent flow. While oidc-provider generates returnTo internally,
validating it protects against potential library bugs or manipulation.

Validation allows:
- Relative URLs starting with the OIDC prefix (/oidc/...)
- Absolute URLs with the same origin as the site

Invalid redirects are logged for security monitoring.
parent 097d63ef
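The allow-list the commit message describes, written out as an added example (this is not code from the commit or from oidc-provider): relative targets are accepted only under the OIDC prefix, absolute targets only on the site's own origin, and anything else is logged and replaced by a fallback. `SITE_ORIGIN`, `OIDC_PREFIX`, `FALLBACK` and the function names are assumptions made for this illustration. The example goes slightly beyond the message by showing which classic open-redirect shapes the two rules reject (protocol-relative `//host`, backslash variants, userinfo and subdomain tricks, non-http schemes, dot-segment escapes from the prefix).

```javascript
// Added example, not the project's or oidc-provider's own code.
// SITE_ORIGIN, OIDC_PREFIX and FALLBACK are assumed values for this illustration.
const SITE_ORIGIN = "https://idp.example.com"; // assumed site origin
const OIDC_PREFIX = "/oidc/";                  // prefix named in the commit message
const FALLBACK = "/oidc/";                     // assumed safe landing page

// Classify a redirect target. Returns { ok: true, url } for an allowed target
// (url is the resolved absolute URL) or { ok: false, reason } otherwise.
function checkRedirect(target, siteOrigin = SITE_ORIGIN, prefix = OIDC_PREFIX) {
  if (typeof target !== "string" || target.trim() === "") {
    return { ok: false, reason: "empty" };
  }

  // Does the target carry its own scheme? new URL() without a base throws for
  // scheme-less input such as "/oidc/x", "//evil.example" and "/\\evil.example".
  let isAbsolute = true;
  try { new URL(target); } catch { isAbsolute = false; }

  // Resolve against the site origin. The WHATWG parser normalises dot segments,
  // default ports and backslashes, and attributes userinfo tricks such as
  // "https://idp.example.com@evil.example" to the host they really name.
  let resolved;
  try { resolved = new URL(target, siteOrigin); }
  catch { return { ok: false, reason: "unparseable" }; }

  // Rule 2: absolute targets must be same-origin. Non-http(s) schemes
  // ("javascript:", "data:") have an opaque origin ("null") and never match,
  // so this single comparison rejects them as well.
  if (resolved.origin !== siteOrigin) {
    return { ok: false, reason: `foreign origin ${resolved.origin}` };
  }

  // Rule 1: relative targets must begin with the OIDC prefix, both as written
  // and after normalisation, so "/oidc/../admin" and "oidc/x" are rejected.
  if (!isAbsolute) {
    if (!target.startsWith(prefix) || !resolved.pathname.startsWith(prefix)) {
      return { ok: false, reason: "relative path outside OIDC prefix" };
    }
  }
  return { ok: true, url: resolved.href };
}

// Wrapper that logs rejected targets for security monitoring and substitutes
// a safe fallback. `log` defaults to console.warn; tests can pass a collector.
function safeRedirect(target, log = console.warn) {
  const result = checkRedirect(target);
  if (result.ok) return result.url;
  log(`rejected redirect target ${JSON.stringify(target)}: ${result.reason}`);
  return new URL(FALLBACK, SITE_ORIGIN).href;
}

if (typeof module !== "undefined") {
  module.exports = { checkRedirect, safeRedirect, SITE_ORIGIN, OIDC_PREFIX };
}
```

The check deliberately parses the target with the site origin as base instead of matching on the raw string: a prefix test like `startsWith("/")` alone would accept `//evil.example/oidc/x` and `/\evil.example`, both of which browsers treat as absolute URLs to another host. Comparing `origin` after parsing catches those, and the extra `pathname` test keeps a relative target from using `..` to leave the prefix while still beginning with it.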