Current Behavior
By manipulating the /logout endpoint, it is possible to trigger a redirect to any other URL.

Steps to Reproduce
Visit /logout?return=https://evil.com, notice you are redirected to evil.com

Expected Behavior
By default, redirection to other hosts should not be permitted. It should be possible to create a whitelist of permitted domains if necessary.

Screenshots
No response

Environment
Output of php flarum info

Possible Solution
Fixed on the 1.x branch: https://github.com/flarum/framework/pull/3948
Should we follow the same approach, or consider something different? Maybe introduce a RedirectsServiceProvider as a central place for redirections to reference permitted domains? Perhaps extend RedirectResponse so that it can handle permitted domains behind the scenes?

Additional Context
No response
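The following is an added example of the allowlist check described under Expected Behavior, written for this issue; it is not Flarum's code and not the code in the linked PR. The function names, the forum host and the allowed host list are assumptions made for the demo, and the check is deliberately independent of any framework request or response class so it can be dropped in front of whatever builds the logout redirect.

```php
<?php
declare(strict_types=1);

/**
 * Decide whether a `return` value may be used as a redirect target.
 * Hypothetical helper written for this issue, not Flarum code.
 *
 * Policy: a same-site relative path is always allowed; an absolute URL is
 * allowed only when its scheme is http/https and its host is the forum's own
 * host or one of the explicitly allowed hosts. Everything else is rejected.
 */
function isPermittedReturnUrl(string $url, string $forumHost, array $allowedHosts = []): bool
{
    // Browsers strip tabs/newlines before parsing, so "jav\tascript:" or a
    // value with an embedded CR/LF can bypass naive string checks. Reject any
    // control character or space outright.
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return false;
    }

    // Relative path: must start with a single "/" and not "//" or "/\",
    // both of which browsers treat as scheme-relative (external) URLs.
    if ($url !== '' && $url[0] === '/') {
        return !(strlen($url) > 1 && ($url[1] === '/' || $url[1] === '\\'));
    }

    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }

    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }

    // parse_url() puts "user:pass@" into user/pass, so "https://forum.example@evil.com"
    // yields host "evil.com" and is rejected below. Compare hosts case-insensitively
    // and by exact match: a suffix match would let "evilforum.example" through.
    $host = strtolower($parts['host']);
    $permitted = array_map('strtolower', array_merge([$forumHost], $allowedHosts));

    return in_array($host, $permitted, true);
}

/** Pick the redirect target: the validated return URL, or a safe local default. */
function resolveLogoutRedirect(?string $return, string $forumHost, array $allowedHosts, string $default = '/'): string
{
    if ($return !== null && isPermittedReturnUrl($return, $forumHost, $allowedHosts)) {
        return $return;
    }
    return $default;
}

// Constructed sample inputs for the demo (assumed hosts, not from the issue).
$forumHost = 'forum.example';
$allowed = ['docs.example'];
$candidates = [
    '/',
    '/d/1-hello',
    '//evil.com',
    '/\\evil.com',
    'https://evil.com',
    'https://forum.example@evil.com',
    'https://forum.example/d/1',
    'HTTPS://docs.example/',
    'javascript:alert(1)',
    "https://forum.example/\tfoo",
];
foreach ($candidates as $candidate) {
    printf("%-34s -> %s\n", addcslashes($candidate, "\t"), resolveLogoutRedirect($candidate, $forumHost, $allowed));
}
```

Run with `php open_redirect_check.php`: only `/`, `/d/1-hello`, `https://forum.example/d/1` and `HTTPS://docs.example/` come back unchanged; every other candidate falls through to the `/` default. A whitelist of this shape can be populated from a forum setting, and the same helper would serve a central RedirectsServiceProvider or a RedirectResponse wrapper equally well, since it only needs the forum host and the configured list.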