spec/controllers/concerns · aea8d02c284ba37e61bd5fbe4ce4245629e3a074 · Forest Godfrey / gitlab-ce

Reuses `InternalRedirect` when possible · 39916fdf

authored May 02, 2018

`InternalRedirect` prevents Open redirect issues by only allowing
redirection to paths on the same host.

It cleans up any unwanted strings from the path that could point to
another host (fe. //about.gitlab.com/hello). While preserving the
querystring and fragment of the uri.

It is already used by:

- `TermsController`
- `ContinueParams`
  - `ImportsController`
  - `ForksController`
- `SessionsController`: Only for verifying the host in CE. EE allows
   redirecting to a different instance using Geo.

39916fdf

Name	Last commit	Last update
..
checks_collaboration_spec.rb		Loading commit data...
continue_params_spec.rb		Loading commit data...
controller_with_cross_project_access_check_spec.rb		Loading commit data...
group_tree_spec.rb		Loading commit data...
internal_redirect_spec.rb		Loading commit data...
issuable_collections_spec.rb		Loading commit data...
lfs_request_spec.rb		Loading commit data...
send_file_upload_spec.rb		Loading commit data...