Pēteris Caune 7252f2f101
Fix _allow_redirect function to reject absolute URLs
This fixes a security issue:
- attacker can craft a redirect URL to an external site
- attacker gets victim to click on it
- victim logs in
- after login, Healthchecks redirects victim to the external site

The _allow_redirect function now additionally
requires the redirect URL is relative (has no scheme or domain).
2021-08-06 13:34:40 +03:00
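
One way to write a post-login redirect check of the kind this commit message describes, as an added example that is not the Healthchecks code. The function name `is_safe_redirect`, the prefix allow-list and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of in-app path prefixes (constructed for this example).
ALLOWED_PREFIXES = ("/projects/", "/accounts/", "/checks/")


def is_safe_redirect(target, allowed_prefixes=ALLOWED_PREFIXES):
    """Return True only for a relative, same-site path under an allowed prefix."""
    if not isinstance(target, str) or not target:
        return False
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs, so a
    # value that looks like a local path can still resolve to another host.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal in the host part
        return False
    # "Relative" as in the commit message: no scheme and no domain.
    if parts.scheme or parts.netloc:
        return False
    # Require exactly one leading slash; "//host/..." is scheme-relative.
    if not target.startswith("/") or target.startswith("//"):
        return False
    return parts.path.startswith(tuple(allowed_prefixes))


# Constructed sample values for the "next" parameter of a login URL.
SAMPLES = [
    "/projects/1234/checks/",
    "https://evil.example/projects/",
    "//evil.example/projects/",
    "/\\evil.example/projects/",
    "javascript:alert(1)",
    "/unknown/",
]

if __name__ == "__main__":
    for value in SAMPLES:
        verdict = "allow" if is_safe_redirect(value) else "reject"
        print(f"{verdict:6} {value!r}")
```

When a value is rejected, the login view should fall back to a fixed default landing page rather than echo the supplied URL.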