florczakraf / boogie-stats

A pass-through proxy for groovestats.com that records non-ranked song scores.
https://boogiestats.andr.host

Allow only local redirects on log-in #176

Closed florczakraf closed 6 months ago

florczakraf commented 6 months ago

This addresses CWE-601: URL Redirection to Untrusted Site.

It was possible to point a user to `<BSaddr>/login/?next=https://example.com`, which on successful login would perform a redirect to an external site.
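An added example (not code from this pull request or from the boogie-stats project): a standard-library Python check that accepts a `next` value only when it is a path on the same site and otherwise falls back to a default. The function names, the `/` fallback and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

FALLBACK = "/"  # assumed post-login landing page


def is_local_redirect(target):
    """Return True only for a same-site, path-only redirect target."""
    if not isinstance(target, str) or not target:
        return False
    # Browsers drop tabs/newlines and treat "\" like "/", so "/\t/host" and
    # "/\host" can both be followed as the protocol-relative "//host".
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target) or "\\" in target:
        return False
    # Must be an absolute path on this site, never "//host" or "///host".
    if not target.startswith("/") or target.startswith("//"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    # A path-only URL carries neither a scheme nor a network location.
    return parts.scheme == "" and parts.netloc == ""


def safe_next_url(target, fallback=FALLBACK):
    """Return target if it is local, otherwise the fallback path."""
    return target if is_local_redirect(target) else fallback


# Constructed sample values for the ?next= parameter.
SAMPLES = [
    "/profile/?tab=scores",   # local path: kept
    "https://example.com",    # the case from the PR description: rejected
    "//example.com",          # protocol-relative: rejected
    "/\\example.com",         # backslash variant: rejected
    "/\t/example.com",        # embedded tab: rejected
    "https:example.com",      # scheme without slashes: rejected
    None,                     # parameter missing: fallback
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", safe_next_url(sample))
```

Rejecting to a fixed fallback, rather than trying to repair the value, keeps the login flow working while never echoing an attacker-supplied host into the `Location` header.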