wikijs-fork

liz/wikijs-fork

Fork 0

Commit Graph

Author	SHA1	Message	Date
Kyle Gehmlich	545ba4ec95	fix: remove duplicate query parameters on HTTPS redirect (#6460 ) HTTPS redirection rebuilds the full URL using req.originalUrl, which includes query parameters (see https://expressjs.com/en/api.html#req.originalUrl). Prior to this patch, appending the stringified query params to req.originalUrl resulted in duplicate parameters, e.g. wiki.js/callback?session=123&code=abc?session=123&code=abc which caused errors when being redirected from an insecure (http://) callback URL to a secure version when using OIDC (e.g. with keycloak). This issue is probably rare, but in cases where HTTPS redirection is enabled and a user tries to hit an insecure URL with query parameters, it could cause problems.	2023-06-03 23:19:01 -04:00
NGPixel	ae53484abd	feat: admin ssl - renew cert + toggle redirection btn	2020-01-19 21:30:25 -05:00

Author

SHA1

Message

Date

Kyle Gehmlich

545ba4ec95

fix: remove duplicate query parameters on HTTPS redirect (#6460 )

HTTPS redirection rebuilds the full URL using req.originalUrl, which
includes query parameters (see
https://expressjs.com/en/api.html#req.originalUrl). Prior to this patch,
appending the stringified query params to req.originalUrl resulted in
duplicate parameters, e.g.
wiki.js/callback?session=123&code=abc?session=123&code=abc
which caused errors when being redirected from an insecure (http://)
callback URL to a secure version when using OIDC (e.g. with keycloak).

This issue is probably rare, but in cases where HTTPS redirection is
enabled and a user tries to hit an insecure URL with query parameters,
it could cause problems.

2023-06-03 23:19:01 -04:00

NGPixel

ae53484abd

feat: admin ssl - renew cert + toggle redirection btn

2020-01-19 21:30:25 -05:00

2 Commits