mirror of https://github.com/bitwarden/browser synced 2025-12-10 13:23:34 +00:00

validate proper duo hostnames (#12149)

Kyle Spearrin
2024-11-25 11:57:49 -05:00
committed by GitHub
parent cf52c6030e
commit f65a39d6d8


@@ -51,14 +51,12 @@ window.addEventListener("load", async () => {
*/
function redirectToDuoFrameless(redirectUrl: string) {
const validateUrl = new URL(redirectUrl);
const validDuoUrl =
validateUrl.protocol === "https:" &&
(validateUrl.hostname.endsWith(".duosecurity.com") ||
validateUrl.hostname.endsWith(".duofederal.com"));
if (
validateUrl.protocol !== "https:" ||
!(
validateUrl.hostname.endsWith("duosecurity.com") ||
validateUrl.hostname.endsWith("duofederal.com")
)
) {
if (!validDuoUrl) {
throw new Error("Invalid redirect URL");
}