Coverage for api/security.py : 28%

1from urllib.parse import urljoin
2from urllib.parse import urlparse
4from flask import request
7# from https://security.openstack.org/guidelines/dg_avoid-unvalidated-redirects.html
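def is_safe_redirect_url(target):
    """Return True only if *target* keeps the browser on the current host.

    The target is resolved against ``request.host_url`` and accepted when
    the result uses http/https and has the same netloc as the request.
    Because callers hand the *raw* target back to the browser, the string
    is also rejected when Python's URL parser and a browser's URL parser
    could disagree about which host it names:

    * ASCII control characters or a leading space, which browsers strip
      before parsing;
    * backslashes that, read as forward slashes, would change the host;
    * three or more leading slashes, or a scheme with no authority
      (``scheme:path`` / ``scheme:///path``), whose host browsers work out
      differently from ``urljoin``.

    An empty or ``None`` target resolves to the host root and is accepted,
    as before. A target that cannot be parsed is treated as unsafe.
    """
    candidate = target or ""

    # Browsers discard tabs/newlines and leading control characters or
    # spaces, so the string they parse is not the one validated here.
    if candidate[:1] == " " or any(
        ch < " " or ch == "\x7f" for ch in candidate
    ):
        return False

    host_netloc = urlparse(request.host_url).netloc

    try:
        # Validate the target both as written and with "\" read as "/",
        # since browsers treat the two alike in http(s) URLs.
        for form in (candidate, candidate.replace("\\", "/")):
            # urljoin folds extra leading slashes into the path; browsers
            # take what follows them as the host.
            if form.startswith("///"):
                return False
            parts = urlparse(form)
            # A scheme with no authority is resolved as a relative path by
            # urljoin but can be read as an absolute URL by a browser.
            if parts.scheme and not parts.netloc:
                return False
            resolved = urlparse(urljoin(request.host_url, form))
            if (
                resolved.scheme not in ("http", "https")
                or resolved.netloc != host_netloc
            ):
                return False
    except ValueError:
        # urlparse/urljoin raise ValueError on malformed authorities;
        # a target that cannot be parsed is never a safe redirect.
        return False

    return True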
def get_safe_redirect(url):
    """Pick a redirect destination that passes is_safe_redirect_url.

    Preference order: the supplied *url*, then the request's Referer
    header, then the site root ``"/"``. The Referer is client-supplied,
    so it goes through the same check as *url* before it is returned.
    """
    if url and is_safe_redirect_url(url):
        return url

    # The referrer is only consulted once the explicit target is rejected.
    referrer = request.referrer
    return referrer if referrer and is_safe_redirect_url(referrer) else "/"