Make sure that effective domain actually is descendant of rp_id (#618)

This commit is contained in:
Kerstin 2021-11-24 23:30:39 +01:00 committed by GitHub
parent 0f4189a57e
commit 492cb653e8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -178,7 +178,10 @@ impl IdmServer {
})
.and_then(|url| {
let valid = url.domain().map(|effective_domain| {
effective_domain.ends_with(&rp_id)
// We need to prepend the '.' here to ensure that myexample.com != example.com,
// rather than just ends with.
effective_domain.ends_with(&format!(".{}", rp_id))
|| effective_domain == rp_id
}).unwrap_or(false);
if valid {