fix(redirect): [PM-30810] Https Redirection for Cloud Users - Removed local check so the mobile client can govern the scheme used.
@@ -174,20 +174,6 @@ public class DuoUniversalTokenService(
|
||||
normalizedHost.EndsWith("bitwarden.pw");
|
||||
}
|
||||
|
||||
private static bool IsLocalRequestHost(string host)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(host))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
var normalizedHost = host.ToLowerInvariant();
|
||||
return normalizedHost == "localhost" ||
|
||||
normalizedHost == "127.0.0.1" ||
|
||||
normalizedHost == "::1" ||
|
||||
normalizedHost.EndsWith(".localhost");
|
||||
}
|
||||
|
||||
private static DuoDeeplinkScheme? GetDeeplinkSchemeOverride(HttpContext httpContext)
|
||||
{
|
||||
if (httpContext == null)
|
||||
@@ -195,16 +181,9 @@ public class DuoUniversalTokenService(
|
||||
return null;
|
||||
}
|
||||
|
||||
var host = httpContext.Request?.Host.Host;
|
||||
// Only allow overrides when developing/testing locally to avoid abuse in production
|
||||
if (!IsLocalRequestHost(host))
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
// Querystring has precedence over header for manual local testing
|
||||
var overrideFromQuery = httpContext.Request?.Query["deeplinkScheme"].FirstOrDefault();
|
||||
var overrideFromHeader = httpContext.Request?.Headers["Bitwarden-Deeplink-Scheme"].FirstOrDefault();
|
||||
var overrideFromQuery = httpContext.Request.Query["deeplinkScheme"].FirstOrDefault();
|
||||
var overrideFromHeader = httpContext.Request.Headers["Bitwarden-Deeplink-Scheme"].FirstOrDefault();
|
||||
var candidate = (overrideFromQuery ?? overrideFromHeader)?.Trim();
|
||||
|
||||
// Allow only the two supported values
|
||||
|
||||
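Review bot: With IsLocalRequestHost deleted, the scheme override read from the `deeplinkScheme` query parameter and the `Bitwarden-Deeplink-Scheme` header in GetDeeplinkSchemeOverride is now honoured for every request, and the hunk also drops the comment that recorded why the gate existed ("to avoid abuse in production") without recording the new trust model, so the allowlist that starts after `// Allow only the two supported values` becomes the only control on a client-supplied value. I would widen that comment to state the contract, e.g. `// Any client may request a scheme; a candidate is only used when it exactly matches one of the two supported DuoDeeplinkScheme values, otherwise the default applies` — this assumes the comparison below is an exact match that falls through to the default rather than using the raw value, which lies outside the hunk and should be confirmed. Replacing `httpContext.Request?.Query` with `httpContext.Request.Query` looks safe given the `httpContext == null` guard above it. GetDeeplinkSchemeOverride continues past the end of this hunk.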