diff --git a/install/docker/project.py b/install/docker/project.py
index ea9b1079..32644a1e 100644
--- a/install/docker/project.py
+++ b/install/docker/project.py
@@ -160,7 +160,11 @@ def login(self):
 if user:
 login_user(user, remember=True)
 if comed_url:
- return redirect(comed_url)
+ # 仅开放同域名跳转,避免开放式URL重定向漏洞
+ from werkzeug.urls import url_parse
+ parsed_url = url_parse(comed_url)
+ if (not parsed_url.netloc and parsed_url.path) or parsed_url.netloc == request.host:
+ return redirect(comed_url)
 return redirect(self.appbuilder.get_url_for_index)
 # 如果已经登录了,那么直接进去首页
 if g.user is not None and g.user.is_authenticated:
diff --git a/install/kubernetes/cube/overlays/config/project.py b/install/kubernetes/cube/overlays/config/project.py
index 3bc4c3c9..d39c7580 100644
--- a/install/kubernetes/cube/overlays/config/project.py
+++ b/install/kubernetes/cube/overlays/config/project.py
@@ -160,7 +160,11 @@ def login(self):
 if user:
 login_user(user, remember=True)
 if comed_url:
- return redirect(comed_url)
+ # 仅开放同域名跳转,避免开放式URL重定向漏洞
+ from werkzeug.urls import url_parse
+ parsed_url = url_parse(comed_url)
+ if (not parsed_url.netloc and parsed_url.path) or parsed_url.netloc == request.host:
+ return redirect(comed_url)
 return redirect(self.appbuilder.get_url_for_index)
 # 如果已经登录了,那么直接进去首页
 if g.user is not None and g.user.is_authenticated:
diff --git a/myapp/project.py b/myapp/project.py
index 57198676..212c3ce1 100644
--- a/myapp/project.py
+++ b/myapp/project.py
@@ -160,7 +160,11 @@ def login(self):
 if user:
 login_user(user, remember=True)
 if comed_url:
- return redirect(comed_url)
+ # 仅开放同域名跳转,避免开放式URL重定向漏洞
+ from werkzeug.urls import url_parse
+ parsed_url = url_parse(comed_url)
+ if (not parsed_url.netloc and parsed_url.path) or parsed_url.netloc == request.host:
+ return redirect(comed_url)
 return redirect(self.appbuilder.get_url_for_index)
 if g.user is not None and g.user.is_authenticated:
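Review bot: The new condition `(not parsed_url.netloc and parsed_url.path) or parsed_url.netloc == request.host` still admits attacker-controlled targets, because it never inspects the scheme and it redirects to the raw input. As far as I can tell from werkzeug's `url_parse`, `http:evil.com` yields an empty netloc with path `evil.com`, and `/\evil.com` has no netloc either, yet browsers resolve both to `evil.com`; `javascript:alert(1)` takes the same branch. Resolving the target against `request.host_url` first, requiring an http(s) scheme plus a matching netloc, and redirecting to the normalised absolute URL rather than `comed_url` closes all three cases. `login` starts and ends outside the hunk, so I cannot see how `comed_url` is obtained or whether `request` is already imported at module level.
```python
            if comed_url:
                # Resolve against our own origin, then accept only http(s) URLs on this host;
                # redirecting to the normalised form defeats scheme-less and backslash tricks.
                from urllib.parse import urljoin, urlsplit
                target = urlsplit(urljoin(request.host_url, comed_url))
                ref = urlsplit(request.host_url)
                if target.scheme in ("http", "https") and target.netloc == ref.netloc:
                    return redirect(target.geturl())
            # … unchanged: fall through to the index redirect …
```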
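Review bot: `from werkzeug.urls import url_parse` on the second added line binds the login path to an API that Werkzeug deprecated in 2.3 and removed in 3.0, so after a routine dependency bump every login carrying a `comed_url` would fail with ImportError instead of redirecting. The standard library exposes the same `scheme`/`netloc`/`path` fields: `from urllib.parse import urlsplit` and `parsed_url = urlsplit(comed_url)` are a drop-in replacement, and the import belongs at module top if the file's import block (not visible here) does not already have it. Whichever parser is used, the condition should also pin the scheme, e.g. `parsed_url.scheme in ("", "http", "https")`, since an empty netloc does not imply a relative URL. `login` starts and ends outside the hunk.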
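Review bot: This hunk is the third verbatim copy of the redirect validation (the docker and kubernetes `project.py` in this same patch carry identical lines), so any later tightening of the condition must be repeated three times and the copies will drift. Extracting a module-level helper here, `def is_safe_redirect_target(target: str) -> bool:` with a one-line docstring stating it accepts only http(s) targets on `request.host`, reduces each call site to `if comed_url and is_safe_redirect_target(comed_url): return redirect(comed_url)`; if the install copies are deploy-time overlays of this file, as their paths suggest, they pick the helper up automatically. Separately, the hunk shows six context lines against the header's `-160,7`, which suggests a blank line was lost when the patch was flattened, so the text here should be re-checked against the repository before being applied. `login` starts and ends outside the hunk.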