[SLING-2287] Redirect after logging out is not validating the redirect link thus allowing to redirect outside of the scope of Sling - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Auth Core 1.0.6
Fix Version/s: Auth Core 1.1.0
Component/s: Authentication
Labels:
None

Description

After logging out the Sling Authenticator can be instructed to redirect to somewhere else. This link is not currently checked for validity.

Thus it is possible to redirect to another site after logging out.

The idea, though, is to redirect to another location inside the same site after logging out.

Attachments

Activity

People

Assignee:: Felix Meschberger

Reporter:: Felix Meschberger

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 15/Nov/11 10:51

Updated:: 30/Nov/12 17:56

Resolved:: 15/Nov/11 11:05