Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
565dab4a62
PromucFlow_constructor/app/server/appsmith-server/src
History
Shrikant Sharat Kandula 565dab4a62
fix: Request referer shouldn't influence redirect URL (#31155) 
The form signup API responds in a failure state, with a redirection URL.
That URL blindly uses the `Referer` header as passed-in. This shows up a
security issue in a few places, although it's not very exploitable.


![shot-2024-02-15-11-13-01](https://github.com/appsmithorg/appsmith/assets/120119/9c4ea8b4-d028-4cbd-a348-f2483fad0f49)

Nonetheless, we don't need the host to show up in the redirection URL at
all. The signup success API is already using a redirect URL without
host, for example.


![shot-2024-02-15-11-11-41](https://github.com/appsmithorg/appsmith/assets/120119/5eb62c42-cf09-4c1f-8269-775f26af2dce)

With the changes in this PR, the failure response also uses a host-less
redirect.


![shot-2024-02-15-11-14-04](https://github.com/appsmithorg/appsmith/assets/120119/d0640ea2-f934-4f57-ade4-189964d6d11a)
2024-02-15 19:24:34 +05:30
..
main fix: Request referer shouldn't influence redirect URL (#31155) 2024-02-15 19:24:34 +05:30
test chore: added split for permission provider (#31111) 2024-02-14 14:43:14 +05:30