liz/wikijs-fork
liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
wikijs-fork/server
History
Kyle Gehmlich 545ba4ec95
fix: remove duplicate query parameters on HTTPS redirect (#6460) 
HTTPS redirection rebuilds the full URL using req.originalUrl, which
includes query parameters (see
https://expressjs.com/en/api.html#req.originalUrl). Prior to this patch,
appending the stringified query params to req.originalUrl resulted in
duplicate parameters, e.g.
wiki.js/callback?session=123&code=abc?session=123&code=abc
which caused errors when being redirected from an insecure (http://)
callback URL to a secure version when using OIDC (e.g. with keycloak).

This issue is probably rare, but in cases where HTTPS redirection is
enabled and a user tries to hit an insecure URL with query parameters,
it could cause problems.
2023-06-03 23:19:01 -04:00
..
app
feat: footer text override option
2023-02-16 20:45:55 -05:00
controllers
fix: remove duplicate query parameters on HTTPS redirect (#6460)
2023-06-03 23:19:01 -04:00
core
fix(git): handle file renames between folders (#6020)
2023-01-29 23:09:33 -05:00
db
fix: force lowercase for email on local auth
2020-09-09 19:59:46 -04:00
graph
feat: footer text override option
2023-02-16 20:45:55 -05:00
helpers
feat: add asciidoc editor module (#5954)
2022-12-23 20:19:16 -05:00
jobs
fix: sanitize SVG uploads
2021-12-17 21:41:38 -05:00
locales
feat: load dev locale files
2019-02-09 12:34:27 -05:00
middlewares
fix: remove unused middleware
2021-09-11 21:02:53 -04:00
models
fix: add new props to existing auth strategies (#6250)
2023-03-17 17:27:31 -04:00
modules
feat(auth): allow custom GitLab endpoints for self-managed instances (#6399)
2023-05-11 20:42:17 -04:00
templates
feat: password reset
2020-08-30 21:46:55 -04:00
test/helpers
refactor: server code (#2545)
2020-10-14 11:16:27 -04:00
themes/default
feat: admin edit user (wip)
2019-08-11 23:26:29 -04:00
views
fix: disable template compilation in source view
2023-06-03 23:15:22 -04:00
index.js
feat: warn and exit on unsupported node version
2023-05-11 21:10:15 -04:00
master.js
fix: handle empty ToC position value
2023-02-16 23:58:52 -05:00
setup.js
feat(mail): allow setting of mailer identifying name (#5363)
2022-06-10 23:15:00 -04:00