llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-02 11:20:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: add util.IsValidOrigin() to improve CORS filter (#3301)

Browse Source 
* fix: CORS check issue

* fix: promote format

* fix: promote format

* fix: promote format

* fix: promote format

* Update application.go

* Update cors_filter.go

* Update validation.go

---------

Co-authored-by: Yang Luo <hsluoyz@qq.com>
This commit is contained in:
DacongDA
2024-10-20 20:09:21 +08:00
committed by GitHub
parent 6fcdad2100
commit c0800b7fb3
3 changed files with 36 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
object/application.go
View File

@ -723,8 +723,15 @@ func (application *Application) GetId() string {
}
func (application *Application) IsRedirectUriValid(redirectUri string) bool {
redirectUris := append([]string{"http://localhost:", "https://localhost:", "http://127.0.0.1:", "http://casdoor-app", ".chromiumapp.org"}, application.RedirectUris...)
for _, targetUri := range redirectUris {
isValid, err := util.IsValidOrigin(redirectUri)
if err != nil {
panic(err)
}
if isValid {
return true
}
for _, targetUri := range application.RedirectUris {
targetUriRegex := regexp.MustCompile(targetUri)
if targetUriRegex.MatchString(redirectUri) || strings.Contains(redirectUri, targetUri) {
return true