From 4530f5d0bdc9b2f60eed2146eaf1b6f35fc53b0e Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Mon, 31 May 2021 11:43:43 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@13-12-stable-ee

---
 app/controllers/oauth/authorizations_controller.rb     | 3 ++-
 app/views/doorkeeper/authorizations/redirect.html.haml | 7 +++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 app/views/doorkeeper/authorizations/redirect.html.haml

(limited to 'app')

diff --git a/app/controllers/oauth/authorizations_controller.rb b/app/controllers/oauth/authorizations_controller.rb
index 857f36e3833..ddf70c1892a 100644
--- a/app/controllers/oauth/authorizations_controller.rb
+++ b/app/controllers/oauth/authorizations_controller.rb
@@ -14,8 +14,9 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
     if pre_auth.authorizable?
       if skip_authorization? || matching_token?
         auth = authorization.authorize
+        parsed_redirect_uri = URI.parse(auth.redirect_uri)
         session.delete(:user_return_to)
-        redirect_to auth.redirect_uri
+        render "doorkeeper/authorizations/redirect", locals: { redirect_uri: parsed_redirect_uri }, layout: false
       else
         render "doorkeeper/authorizations/new"
       end
diff --git a/app/views/doorkeeper/authorizations/redirect.html.haml b/app/views/doorkeeper/authorizations/redirect.html.haml
new file mode 100644
index 00000000000..2fefbac3802
--- /dev/null
+++ b/app/views/doorkeeper/authorizations/redirect.html.haml
@@ -0,0 +1,7 @@
+%h3.page-title= _("Redirecting")
+
+%div
+  %a{ :href => redirect_uri } Click here to redirect to #{redirect_uri}
+
+:javascript
+  window.location= "#{redirect_uri}";
-- 
cgit v1.2.3