liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Open Redirect Vulnerability Mitigation - CWE 601 (#1963)

Browse Source 
* Open redirect vulnerabilty mitigation

* Refacted Open Redirect to user configurable and corrected incorrect security variable names.

Co-authored-by: danallendds <daniel.allen@friends.dds.mil>
This commit is contained in:
daneallen
2020-05-29 18:24:20 -04:00
committed by GitHub
parent 4b93e04261
commit 20e6bc1a70
5 changed files with 27 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
server/graph/resolvers/site.js
View File

@@ -67,6 +67,7 @@ module.exports = {
}
WIKI.config.security = {
securityOpenRedirect: _.get(args, 'securityOpenRedirect', WIKI.config.security.securityOpenRedirect),
securityIframe: _.get(args, 'securityIframe', WIKI.config.security.securityIframe),
securityReferrerPolicy: _.get(args, 'securityReferrerPolicy', WIKI.config.security.securityReferrerPolicy),
securityTrustProxy: _.get(args, 'securityTrustProxy', WIKI.config.security.securityTrustProxy),