providers/proxy: Fix incorrect comparison of redirect URL and CookieDomain (#15686)

* Fix incorrect comparison of redirect URL and CookieDomain. Fixes #15685

According to docs, URL.Host contains the host and port, while Hostname
returns only the host without the port. CookieDomain obviously does not
contain the port. string.HasSuffix function is used, so if a port is set
in the redirect URL, this check always fails.

* Fixed missing parentheses

---------

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Vít Skalický
2026-01-22 18:44:22 +01:00
committed by GitHub
parent d60806dfc3
commit bc3a1f128b
@@ -60,8 +60,8 @@ func (a *Application) checkRedirectParam(r *http.Request) (string, bool) {
return "", false
}
} else {
if !strings.HasSuffix(u.Host, *a.proxyConfig.CookieDomain) {
a.log.WithField("host", u.Host).WithField("dom", *a.proxyConfig.CookieDomain).Warning("redirect URI Host was not included in cookie domain")
if !strings.HasSuffix(u.Hostname(), *a.proxyConfig.CookieDomain) {
a.log.WithField("host", u.Hostname()).WithField("dom", *a.proxyConfig.CookieDomain).Warning("redirect URI Hostname was not included in cookie domain")
return "", false
}
}
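Review bot: The new `strings.HasSuffix(u.Hostname(), *a.proxyConfig.CookieDomain)` check is still a raw string-suffix match with no label boundary, so with a cookie domain of `example.com` (constructed value) a hostname such as `notexample.com` passes and is accepted as a redirect target. The comparison is also case-sensitive, although hostnames are not. I would normalise and require an exact match or a dot-separated suffix: `host := strings.ToLower(u.Hostname())`, `dom := strings.ToLower(strings.TrimPrefix(*a.proxyConfig.CookieDomain, "."))`, `if host != dom && !strings.HasSuffix(host, "."+dom) {`. Whether CookieDomain can be configured with a leading dot is not visible here, so the `TrimPrefix` is a precaution to confirm. The body of checkRedirectParam starts and ends outside this hunk, so an earlier branch may need the same treatment.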