Diffstat (limited to 'internal/handlers/response.go')
-rw-r--r--internal/handlers/response.go12
1 files changed, 6 insertions, 6 deletions
diff --git a/internal/handlers/response.go b/internal/handlers/response.go
index d2d4072f9..c4b94058e 100644
--- a/internal/handlers/response.go
+++ b/internal/handlers/response.go
@@ -101,10 +101,8 @@ func Handle1FAResponse(ctx *middlewares.AutheliaCtx, targetURI, requestMethod st
}
ctx.Logger.Debugf("Redirection URL %s is safe", targetURI)
+ err = ctx.SetJSONBody(redirectResponse{Redirect: targetURI})
- response := redirectResponse{Redirect: targetURI}
-
- err = ctx.SetJSONBody(response)
if err != nil {
ctx.Logger.Errorf("Unable to set redirection URL in body: %s", err)
}
@@ -125,15 +123,17 @@ func Handle2FAResponse(ctx *middlewares.AutheliaCtx, targetURI string) {
return
}
- targetURL, err := url.ParseRequestURI(targetURI)
+ safe, err := utils.IsRedirectionURISafe(targetURI, ctx.Configuration.Session.Domain)
if err != nil {
- ctx.Error(fmt.Errorf("Unable to parse target URL: %s", err), messageMFAValidationFailed)
+ ctx.Error(fmt.Errorf("Unable to check target URL: %s", err), messageMFAValidationFailed)
return
}
- if targetURL != nil && utils.IsRedirectionSafe(*targetURL, ctx.Configuration.Session.Domain) {
+ if safe {
+ ctx.Logger.Debugf("Redirection URL %s is safe", targetURI)
err := ctx.SetJSONBody(redirectResponse{Redirect: targetURI})
+
if err != nil {
ctx.Logger.Errorf("Unable to set redirection URL in body: %s", err)
}
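Review bot: The added `ctx.Logger.Debugf("Redirection URL %s is safe", targetURI)` in Handle2FAResponse logs only the accepted case and formats the value with `%s`. targetURI is presumably caller-supplied (it would not need a safety check otherwise), so `%q` is the safer verb: `ctx.Logger.Debugf("Redirection URL %q is safe", targetURI)`. The same applies to the identical context line in the Handle1FAResponse hunk. The rejected target is the event worth having in the logs for detection, so unless the code after this hunk already does it, add a log line for the `!safe` case that names the target and the configured session domain. The inner `err := ctx.SetJSONBody(...)` also shadows the outer `err`, where Handle1FAResponse uses `err =`. The function body continues outside the hunk.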