Redirect URL not allowed
Add an additional parameter to the checkUrlValid function
so that max redirect count is 0. We do not allow URLs that
can be redirected because of potential security issues.

Signed-off-by: Abby Hu <[email protected]>
abbyhu2000 authored and kavilla committed Oct 5, 2021
1 parent 4becb18 commit b2e6656
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/core/server/rendering/rendering_service.tsx
Expand Up @@ -317,7 +317,7 @@ export class RenderingService {
this.logger.get('branding').info(configName + ' config is not found or invalid.');
return false;
}
return await Axios.get(url, { adapter: AxiosHttpAdapter })
return await Axios.get(url, { adapter: AxiosHttpAdapter, maxRedirects: 0 })
.then(() => {
return true;
})
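Review bot: the new `maxRedirects: 0` option on the `Axios.get(url, ...)` call has no comment, and its effect depends on something the line does not show: with redirects disabled, a 3xx response is rejected only because no `validateStatus` is passed and the Axios default accepts 2xx alone. Add a short comment beside the option saying that redirecting URLs are rejected on purpose, so a later change to the request options does not silently let them through `.then(() => { return true; })`. The rejection path is outside this hunk; confirm it reports a redirect differently from the ' config is not found or invalid.' message, so an operator can tell why a branding URL was refused. The commit changes only this file, so a test that serves a 302 and asserts the URL is not accepted would pin the behaviour down.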