xwikisas / application-googleapps

Google Apps Integration

Bypass trusted domain check when using redirect API #59

Closed surli closed 3 years ago

surli commented 3 years ago

XWiki 13.3RC1 and 12.10.7 introduced a security mechanism to avoid redirecting users to untrusted domains. Extensions which use this API can still bypass the check by setting bypassDomainSecurityCheck to true in the execution context before using the redirect API, to avoid problems if administrators don't properly set it up.

polx commented 3 years ago

@surli : can you give a code example in groovy (where Context is available) and java (where XWikiContext is)?

surli commented 3 years ago

So for groovy you can probably directly use the execution component, so you can take inspiration from @tmortagne's code for OIDC I think: https://github.com/xwiki-contrib/oidc/commit/c8681d75804956087841f7075b7d4b1e986fdde6

If you don't want to use components, you can always access the ExecutionContext by using something like:

context.getXWikiContext().get(XWikiContext.EXECUTIONCONTEXT_KEY)
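An added example (not code from this thread or from the application-googleapps project) of how a Java component could follow the advice above while keeping the bypass narrow: it assumes the XWiki Execution component and the ExecutionContext property API, the bypassDomainSecurityCheck property name from the thread, and a hypothetical GOOGLE_AUTH_HOST constant for the only host the extension redirects to on its own initiative.

```java
import java.io.IOException;
import java.net.URI;
import javax.inject.Inject;
import org.xwiki.context.Execution;
import org.xwiki.context.ExecutionContext;
import com.xpn.xwiki.XWikiContext;

// Added example, not project code. Assumes the APIs named in the lead-in.
public class GoogleOAuthRedirector
{
    // Property name from the thread; the redirect API skips the trusted-domain check when it is true.
    private static final String BYPASS_KEY = "bypassDomainSecurityCheck";

    // Hypothetical: the single host this extension builds authorization URLs for.
    private static final String GOOGLE_AUTH_HOST = "accounts.google.com";

    @Inject
    private Execution execution;

    /**
     * Redirects to an authorization URL the extension built itself. The bypass is scoped to this one
     * redirect and the previous context state is restored afterwards.
     */
    public void redirectToGoogle(String authorizationUrl, XWikiContext xcontext) throws IOException
    {
        // Only bypass the check for the expected host over HTTPS; applying the bypass to a
        // user-controlled URL would reintroduce the open redirect the check exists to prevent.
        URI uri = URI.create(authorizationUrl);
        if (!"https".equals(uri.getScheme()) || !GOOGLE_AUTH_HOST.equalsIgnoreCase(uri.getHost())) {
            throw new IllegalArgumentException("Refusing to bypass domain check for " + authorizationUrl);
        }

        ExecutionContext context = this.execution.getContext();
        Object previous = context.getProperty(BYPASS_KEY);
        try {
            context.setProperty(BYPASS_KEY, true);
            xcontext.getResponse().sendRedirect(authorizationUrl);
        } finally {
            // Never leave the flag set: any later redirect in the same request must be checked again.
            if (previous == null) {
                context.removeProperty(BYPASS_KEY);
            } else {
                context.setProperty(BYPASS_KEY, previous);
            }
        }
    }
}
```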

polx commented 3 years ago

Fixed here.