Avoid open redirect in login process
Add config option to allow redirect-with-token to http[s]://ipaddr:port/ where ipaddr is in one of the reserved private IP ranges ("not recommended for production")
Updated by Lucas Di Pentima 3 months ago
The code LGTM. There's just one suggestion:
LoginClusterfederations, the admin need to list the satellite cluster's URLs, so I think we would need one of two things:
- The easiest: Add a note about that on the upgrade notes.
- The fancier: Make
controllerdiscover the URLs, as it doesn't make sense to avoid logins on a LoginCluster.
The "fancier" may have some edge cases, like periodically polling for URL changes, and error handling, so the "easiest" alternative is fine with me, it would just add some burden to the admins
Good point. Added a bit to call out the federation case specifically.
Agree automatically recognizing remote clusters' URLs would be better, but I think we can call that an additional feature...? (We're already relying on adding these manually. I updated the relevant bits of the federation docs to a) remind to add wb2 as well as wb1 and b) use proper example domains like cluster2.example instead of cluster2.com)
19240-check-redirect @ 710dc7f830f65232389cf191028edfdfe4cefe77