wikijs-fork/server
Kyle Gehmlich 545ba4ec95
fix: remove duplicate query parameters on HTTPS redirect (#6460)
HTTPS redirection rebuilds the full URL using req.originalUrl, which
includes query parameters (see
https://expressjs.com/en/api.html#req.originalUrl). Prior to this patch,
appending the stringified query params to req.originalUrl resulted in
duplicate parameters, e.g.
wiki.js/callback?session=123&code=abc?session=123&code=abc
which caused errors when being redirected from an insecure (http://)
callback URL to a secure version when using OIDC (e.g. with Keycloak).

This issue is probably rare, but in cases where HTTPS redirection is
enabled and a user tries to hit an insecure URL with query parameters,
it could cause problems.
2023-06-03 23:19:01 -04:00
app feat: footer text override option 2023-02-16 20:45:55 -05:00
controllers fix: remove duplicate query parameters on HTTPS redirect (#6460) 2023-06-03 23:19:01 -04:00
core fix(git): handle file renames between folders (#6020) 2023-01-29 23:09:33 -05:00
db fix: force lowercase for email on local auth 2020-09-09 19:59:46 -04:00
graph feat: footer text override option 2023-02-16 20:45:55 -05:00
helpers feat: add asciidoc editor module (#5954) 2022-12-23 20:19:16 -05:00
jobs fix: sanitize SVG uploads 2021-12-17 21:41:38 -05:00
locales feat: load dev locale files 2019-02-09 12:34:27 -05:00
middlewares fix: remove unused middleware 2021-09-11 21:02:53 -04:00
models fix: add new props to existing auth strategies (#6250) 2023-03-17 17:27:31 -04:00
modules feat(auth): allow custom GitLab endpoints for self-managed instances (#6399) 2023-05-11 20:42:17 -04:00
templates feat: password reset 2020-08-30 21:46:55 -04:00
test/helpers refactor: server code (#2545) 2020-10-14 11:16:27 -04:00
themes/default feat: admin edit user (wip) 2019-08-11 23:26:29 -04:00
views fix: disable template compilation in source view 2023-06-03 23:15:22 -04:00
index.js feat: warn and exit on unsupported node version 2023-05-11 21:10:15 -04:00
master.js fix: handle empty ToC position value 2023-02-16 23:58:52 -05:00
setup.js feat(mail): allow setting of mailer identifying name (#5363) 2022-06-10 23:15:00 -04:00