validate proper duo hostnames (#12149)

Kyle Spearrin 2024-11-25 11:57:49 -05:00 committed by GitHub
parent cf52c6030e
commit f65a39d6d8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 7 deletions


@ -51,14 +51,12 @@ window.addEventListener("load", async () => {
*/
function redirectToDuoFrameless(redirectUrl: string) {
const validateUrl = new URL(redirectUrl);
const validDuoUrl =
validateUrl.protocol === "https:" &&
(validateUrl.hostname.endsWith(".duosecurity.com") ||
validateUrl.hostname.endsWith(".duofederal.com"));
if (
validateUrl.protocol !== "https:" ||
!(
validateUrl.hostname.endsWith("duosecurity.com") ||
validateUrl.hostname.endsWith("duofederal.com")
)
) {
if (!validDuoUrl) {
throw new Error("Invalid redirect URL");
}
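Review bot: The new `validDuoUrl` check in `redirectToDuoFrameless` depends entirely on the leading dot in `".duosecurity.com"` and `".duofederal.com"`, yet nothing in the code says why, so a later cleanup could drop it again and accept any hostname that merely ends in the same characters. I would add a comment above `validDuoUrl`, for example `// Leading dot is required: accept only subdomains of the Duo domains, not look-alike hosts ending in the same text.` The function body continues outside the hunk, so the navigation target is not visible here; if it is derived from `redirectUrl` again rather than from the parsed `validateUrl`, the checked value and the used value could differ, and navigating to `validateUrl.href` would keep them identical. Note also that `new URL(redirectUrl)` throws its own `TypeError` on malformed input before the "Invalid redirect URL" error is reached, so it is worth confirming the caller handles both.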