545ba4ec95
HTTPS redirection rebuilds the full URL using `req.originalUrl`, which includes query parameters (see https://expressjs.com/en/api.html#req.originalUrl). Prior to this patch, appending the stringified query params to `req.originalUrl` resulted in duplicate parameters, e.g. `wiki.js/callback?session=123&code=abc?session=123&code=abc`, which caused errors when being redirected from an insecure (http://) callback URL to a secure version when using OIDC (e.g. with Keycloak). This issue is probably rare, but in cases where HTTPS redirection is enabled and a user tries to hit an insecure URL with query parameters, it could cause problems.

- .devcontainer
- .github
- .vscode
- client
- dev
- server
- .babelrc
- .editorconfig
- .eslintignore
- .eslintrc.yml
- .gitattributes
- .gitignore
- .npmrc
- .nvmrc
- config.sample.yml
- cypress.json
- LICENSE
- package.json
- README.md
- SECURITY.md
- yarn.lock

Follow our Twitter feed to learn about upcoming updates and new releases!
Donate
Wiki.js is an open source project that has been made possible by the generous contributions of community backers. If you are interested in supporting this project, please consider becoming a sponsor, becoming a patron, or donating to our OpenCollective, via PayPal or via Ethereum (0xe1d55c19ae86f6bcbfb17e7f06ace96bdbb22cb5).
Gold Tier Sponsors
GitHub Sponsors
Support this project by becoming a sponsor. Your name will show up in the Contribute page of all Wiki.js installations as well as here with a link to your website! [Become a sponsor]
- Alexander Casassovici (@alexksso)
- Broxen (@broxen)
- Dacon (@xDacon)
- Jay Daley (@JayDaley)
- Oleksii (@idokka)
OpenCollective Sponsors
Support this project by becoming a sponsor. Your logo will show up in the Contribute page of all Wiki.js installations as well as here with a link to your website! [Become a sponsor]
Patreon Backers
Thank you to all our patrons! 🙏 [Become a patron]
OpenCollective Backers
Thank you to all our backers! 🙏 [Become a backer]
Contributors
This project exists thanks to all the people who contribute. [Contribute].
Special Thanks
Browserstack for providing access to their great cross-browser testing tools.
Cloudflare for providing their great CDN, SSL and advanced networking services.
DigitalOcean for providing hosting of the Wiki.js documentation site and APIs.
Icons8 for providing access to their beautiful icon sets.
Localazy for providing access to their great localization service.
Lokalise for providing access to their great localization tool.
MacStadium for providing access to their Mac hardware in the cloud.
Netlify for providing hosting for our website.
ngrok for providing access to their great HTTP tunneling services.
Porkbun for providing domain registration services.