author | Nick Thomas <nick@gitlab.com> | 2018-01-31 22:42:08 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2018-02-19 17:29:12 +0300 |
commit | fbf87a29cf31ade0244f8d98729dda89c29a464c (patch) | |
tree | 2de796422f73ae2e3cee387017b014cd045575fc /.gitignore | |
parent | a57de7adc1288ceafb3e6dcd50a3f0be1cec0028 (diff) |
Serve a secure redirect in case of accessing /foo
When a request's path resolved to a directory on disk and lacked a trailing
slash character, we issued a 302 Found redirect to the request's path, plus the
missing trailing slash. However, some request paths are valid absolute URIs
(particularly protocol-neutral //example.com URIs), so this was an open redirect
vulnerability.
This problem is avoided by generating a URI from the actual location of a file
that we want to present.
There were also numerous potential bypasses of other security checks for
inferred index.html files and custom error pages; this commit closes these
holes at the same time by recursively running the checks if necessary.
Diffstat (limited to '.gitignore')
0 files changed, 0 insertions, 0 deletions
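The open redirect described in the commit message, as an added Go example that is not gitlab-pages code: a handler that echoes the request path plus "/" into the Location header, beside one that builds the target from the canonical directory path and refuses anything that is not site-local. The directory set, the handler and helper names, and the request paths are assumptions constructed for the example; the fix in the actual project generates the URI from the file's real location on disk.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"path"
	"strings"
)

// knownDirs is a constructed stand-in for "directories on disk": the
// hypothetical site contains the directories /foo and /example.com.
var knownDirs = map[string]bool{"/foo": true, "/example.com": true}

// isDir mirrors the on-disk lookup: the cleaned request path names a directory.
func isDir(reqPath string) bool {
	return knownDirs[path.Clean("/"+reqPath)]
}

// vulnerableLocation reproduces the pre-fix behaviour: the request path as
// received, plus the missing trailing slash. For "//example.com" that is
// "//example.com/", a protocol-relative URI that browsers follow off-site.
func vulnerableLocation(reqPath string) string {
	return reqPath + "/"
}

// secureLocation derives the target from the canonical location of the
// directory instead of echoing the request. path.Clean squashes the repeated
// leading slashes, so "//example.com" becomes "/example.com".
func secureLocation(reqPath string) string {
	clean := path.Clean("/" + reqPath)
	if clean == "/" {
		return "/"
	}
	return clean + "/"
}

// isLocalRedirect is the final check before any Location header leaves the
// server: no scheme, no authority, exactly one leading slash, and no leading
// backslash (browsers treat "/\host" the same as "//host").
func isLocalRedirect(loc string) bool {
	u, err := url.Parse(loc)
	if err != nil {
		return false
	}
	return u.Scheme == "" && u.Host == "" &&
		strings.HasPrefix(loc, "/") &&
		!strings.HasPrefix(loc, "//") &&
		!strings.HasPrefix(loc, "/\\")
}

// vulnerableHandler: 302 to request path + "/" when the path is a directory.
// Go's server keeps a leading "//" in r.URL.Path (url.ParseRequestURI), so
// "GET //example.com" really reaches the handler as "//example.com".
func vulnerableHandler(w http.ResponseWriter, r *http.Request) {
	p := r.URL.Path
	if strings.HasSuffix(p, "/") || !isDir(p) {
		http.NotFound(w, r)
		return
	}
	http.Redirect(w, r, vulnerableLocation(p), http.StatusFound)
}

// secureHandler: same trigger, but the target is built from the canonical
// directory path and rejected outright if it is not site-local.
func secureHandler(w http.ResponseWriter, r *http.Request) {
	p := r.URL.Path
	if strings.HasSuffix(p, "/") || !isDir(p) {
		http.NotFound(w, r)
		return
	}
	loc := secureLocation(p)
	if !isLocalRedirect(loc) {
		http.Error(w, "refusing non-local redirect", http.StatusBadRequest)
		return
	}
	http.Redirect(w, r, loc, http.StatusFound)
}

// locationFor runs a handler on a request with the given path and returns the
// Location header it emitted (empty if it did not redirect).
func locationFor(h http.HandlerFunc, reqPath string) string {
	rec := httptest.NewRecorder()
	req := &http.Request{Method: "GET", URL: &url.URL{Path: reqPath}}
	h(rec, req)
	return rec.Header().Get("Location")
}

func main() {
	for _, p := range []string{"/foo", "//example.com"} {
		fmt.Printf("%-16s vulnerable=%-18q secure=%q\n",
			p, locationFor(vulnerableHandler, p), locationFor(secureHandler, p))
	}
}
```

Note that http.Redirect does not protect against this on its own: it only rewrites targets that have neither scheme nor host, and "//example.com/" parses with a host, so it is passed through unchanged. The explicit isLocalRedirect check is what makes the mistake fail closed if some other code path ever builds a Location value from request data again.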