qvest-digital / loginsrv

JWT login microservice with pluggable backends such as OAuth2, Google, Github, htpasswd, osiam, ..
MIT License

Has prevent-external-redirects been removed? #162

joshstrange closed this issue 4 years ago

joshstrange commented 4 years ago

I'm getting an error trying to use it in Caddy, and I found this commit, which seems to indicate it has been removed in favor of a whitelist.

Is it just the readme that is out of date on this, or am I missing something else?

magikstm commented 4 years ago

Your research is right. This parameter has been removed in favor of a whitelist.

The whitelist can be configured with the parameter: -redirect-host-file

https://github.com/tarent/loginsrv/blob/master/login/redirect.go#L97

https://github.com/tarent/loginsrv/blob/master/login/config.go#L154

magikstm commented 4 years ago

The parameter -prevent-external-redirects should be removed from the doc.