Closed imorland closed 9 months ago
Would be nice to see an integration test, but otherwise the code makes sense!
I did try; however, we need to make some changes to flarum/testing in order to pass the query string, as it looks like this is not currently supported.
For example:
    public function logout_with_forum_redirect(string $returnUrl)
    {
        // Encode the return URL so it travels as a single query parameter.
        $encodedReturnUrl = urlencode($returnUrl);

        $response = $this->send(
            $this->request('GET', '/logout?return=' . $encodedReturnUrl)
        );

        // A permitted return URL should produce a redirect to exactly that URL.
        $this->assertEquals(302, $response->getStatusCode());
        $this->assertEquals($returnUrl, $response->getHeaderLine('location'));
    }
This is a test I attempted to write for this, but we currently don't have the ability to pass the query, due to https://github.com/flarum/framework/blob/45a8b572e3bbedc80296e07d3125ba2f3c63f077/php-packages/testing/src/integration/TestCase.php#L269
Prevents open redirects on the LogoutController
By default, only return URLs on the forum host are permitted. Additional domains may be whitelisted using config.php:
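One way to implement the host check described above, as an added example that is not the PR's code or Flarum's own implementation. The function name, the `$allowedHosts` parameter and the example hosts are assumptions; the actual `config.php` key is not shown on this page.

```php
<?php
// Added illustration, not Flarum's LogoutController. All names and hosts are hypothetical.

/**
 * Returns $candidate when it is safe to redirect to, otherwise $forumUrl.
 * $allowedHosts stands in for the extra domains an operator would whitelist.
 */
function safeReturnUrl(string $candidate, string $forumUrl, array $allowedHosts = []): string
{
    // Control characters, spaces and backslashes are handled differently by
    // browsers and by parse_url(), so refuse them outright.
    if ($candidate === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $forumUrl;
    }
    $parts = parse_url($candidate);
    if ($parts === false) {
        return $forumUrl;
    }
    // Path-only value: accept a single leading slash. "//host/path" is
    // protocol-relative; parse_url() reports a host for it, so it is not treated as a path.
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $isPath = $candidate[0] === '/' && ($candidate[1] ?? '') !== '/';
        return $isPath ? $candidate : $forumUrl;
    }
    // Absolute URL: http(s) only, no embedded credentials, host on the allowlist.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host = strtolower($parts['host'] ?? '');
    $permitted = array_map('strtolower', $allowedHosts);
    $permitted[] = strtolower((string) parse_url($forumUrl, PHP_URL_HOST));
    if (!in_array($scheme, ['http', 'https'], true)
        || isset($parts['user']) || isset($parts['pass'])
        || !in_array($host, $permitted, true)) {
        return $forumUrl;
    }
    return $candidate;
}

// Constructed inputs: a forum path, an allowlisted host, then values the check is meant to refuse.
$forum = 'https://forum.example';
foreach ([
    '/t/welcome',
    'https://sso.example/after-logout',
    '//other.example/',
    'https://forum.example@other.example/',
    'https://forum.example.other.example/',
    'javascript:alert(1)',
] as $input) {
    printf("%-40s => %s\n", $input, safeReturnUrl($input, $forum, ['sso.example']));
}
```

The comparison is on the parsed host with exact matching, so a prefix or substring of the forum host in the URL does not pass.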