Fixed: Limit redirects after login to local paths

(cherry picked from commit 14005d8d1054eafaba808337a109d5812f3e79e6)
pull/5051/head
Mark McDowall 4 months ago committed by Bogdan
parent 963ffbea4e
commit 5fed16c38a

@ -47,7 +47,7 @@ namespace Lidarr.Http.Authentication
await HttpContext.SignInAsync(AuthenticationType.Forms.ToString(), new ClaimsPrincipal(new ClaimsIdentity(claims, "Cookies", "user", "identifier")), authProperties);
if (returnUrl.IsNullOrWhiteSpace())
if (returnUrl.IsNullOrWhiteSpace() || !Url.IsLocalUrl(returnUrl))
{
return Redirect(_configFileProvider.UrlBase + "/");
}

Loading…
Cancel
Save