From 3f49225eff4982d9f86dc62897843c740e6de018 Mon Sep 17 00:00:00 2001
From: pelle
Date: Mon, 8 Aug 2022 09:53:25 -0600
Subject: [PATCH] Open redirect fix after login

This is just to make sure after login you are just redirecting to a path not another domain.
---
 netbox/users/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/netbox/users/views.py b/netbox/users/views.py
index 344f375fc..00459420a 100644
--- a/netbox/users/views.py
+++ b/netbox/users/views.py
@@ -91,7 +91,7 @@ class LoginView(View):
 data = request.POST if request.method == "POST" else request.GET
 redirect_url = data.get('next', settings.LOGIN_REDIRECT_URL)
- if redirect_url and redirect_url.startswith('/'):
+ if redirect_url and redirect_url.startswith('/') and not redirect_url.startswith('//'):
 logger.debug(f"Redirecting user to {redirect_url}")
 else:
 if redirect_url:
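Review bot: The new condition `redirect_url.startswith('/') and not redirect_url.startswith('//')` is a string-prefix test, so it still accepts values that browsers normalise into a scheme-relative URL, for instance when a backslash or an embedded tab or newline follows the first slash. Django ships a helper for this check: with `from django.utils.http import url_has_allowed_host_and_scheme`, the line could read `if redirect_url and url_has_allowed_host_and_scheme(redirect_url, allowed_hosts=None):`, which passes only URLs that carry no host. A regression test that submits an off-site `next` value to the login view and asserts the fallback redirect would pin the behaviour. The enclosing method starts and ends outside the hunk, so the final redirect call and the fallback target are not visible here.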