This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Add a config option for validating 'next_link' parameters against a domain whitelist #8275
Changes from 8 commits
This check now happens implicitly in `assert_valid_next_link`, as only `http` and `https` `next_link` values are allowed.

Additionally, `next_link` can only be specified during the call to `/requestToken`. Having this check in `/submit_token`, blocking the user after already approving their `/requestToken` call, is not great UX.
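
A sketch of validating `next_link` once, at `/requestToken` time, with a scheme check plus an exact-match domain whitelist. This is an added example, not part of the review comment above and not the project's own code; `check_next_link`, `InvalidNextLink`, the whitelist semantics and the sample domains are assumptions.

```python
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


class InvalidNextLink(ValueError):
    """Raised when a next_link value fails validation."""


def check_next_link(next_link, domain_whitelist=None):
    """Validate next_link when the token is requested (hypothetical helper).

    Assumed semantics: domain_whitelist=None means no domain restriction,
    an empty list rejects every next_link.
    """
    try:
        parsed = urlparse(next_link)
        host = parsed.hostname  # strips userinfo and port, lowercases
    except ValueError as exc:  # e.g. malformed IPv6 literal
        raise InvalidNextLink("next_link is not a parseable URL") from exc

    # Rejects javascript:, file:, data: and scheme-relative //host/ links.
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise InvalidNextLink("next_link must be an http or https URL")
    if not host:
        raise InvalidNextLink("next_link has no host")

    if domain_whitelist is not None:
        allowed = {d.lower() for d in domain_whitelist}
        # Exact host match: a suffix or substring test would accept
        # look-alike hosts such as good.example.evil.example.
        if host not in allowed:
            raise InvalidNextLink("next_link host is not whitelisted")
    return next_link


def is_valid(next_link, domain_whitelist=None):
    """Boolean wrapper around check_next_link."""
    try:
        check_next_link(next_link, domain_whitelist)
        return True
    except InvalidNextLink:
        return False
```

Comparing against the parsed hostname rather than the raw string is what stops a whitelisted name placed in the userinfo part (`https://good.example@evil.example/`) from passing.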