fix: 🐛 Consider empty referer as external

pull/1580/head
Dominik Frantisek Bucik 2022-01-26 13:49:00 +01:00
parent 5e1d546471
commit d4bc19e2d8
No known key found for this signature in database
GPG Key ID: 25014C8DB2E7E62D
1 changed files with 4 additions and 5 deletions


@ -68,9 +68,8 @@ public class SamlInvalidateSessionFilter extends GenericFilterBean {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
if (MATCHER.matches(req)) {
boolean isDeviceCodeFlow = DEVICE_CODE_MATCHER.matches(req) || DEVICE_CODE_ALL_MATCHER.matches(req);
String referer = req.getHeader(REFERER);
if (!isInternalReferer(referer, !isDeviceCodeFlow)) {
if (!isInternalReferer(referer)) {
log.debug("Got external referer, clear session to reauthenticate");
contextLogoutHandler.logout(req, res, null);
}
@ -78,9 +77,9 @@ public class SamlInvalidateSessionFilter extends GenericFilterBean {
chain.doFilter(req, res);
}
private boolean isInternalReferer(String referer, boolean emptyRefererAsInternal) {
if (!StringUtils.hasText(referer)) { // no referer, consider as internal
return emptyRefererAsInternal;
private boolean isInternalReferer(String referer) {
if (!StringUtils.hasText(referer)) {
return false;
}
for (String internal : internalReferrers) {
if (referer.startsWith(internal)) {
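Review bot: The check `referer.startsWith(internal)` at the end of the second hunk still decides whether the session is kept, and a raw string prefix accepts any Referer that merely begins with a configured value. If an entry in `internalReferrers` has no trailing slash (the configuration is not visible here), a host name that extends that string would count as internal and the forced reauthentication would be skipped. Comparing the parsed scheme, host and port of the header against each entry, or requiring every configured entry to end in `/`, would close that gap. Separately, the new empty-header branch lost its comment and the debug line still says "Got external referer" when the header is missing; a comment such as `// missing Referer: treat as external and force reauthentication` would record the intent. The loop body of `isInternalReferer` continues outside the hunk.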