ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject ambari git commit: AMBARI-13056. Ambari should use relative URLs when specifying target after login (rlevas)
Date Mon, 14 Sep 2015 19:36:13 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.0.maint 113eb2362 -> cb9586542


AMBARI-13056. Ambari should use relative URLs when specifying target after login (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/cb958654
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/cb958654
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/cb958654

Branch: refs/heads/branch-2.0.maint
Commit: cb9586542361fd500fee26eb29dcce205f16f267
Parents: 113eb23
Author: Robert Levas <rlevas@hortonworks.com>
Authored: Mon Sep 14 15:36:00 2015 -0400
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Mon Sep 14 15:36:00 2015 -0400

----------------------------------------------------------------------
 ambari-web/app/router.js | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/cb958654/ambari-web/app/router.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/router.js b/ambari-web/app/router.js
index fe37e0e..acdf4f4 100644
--- a/ambari-web/app/router.js
+++ b/ambari-web/app/router.js
@@ -308,9 +308,25 @@ App.Router = Em.Router.extend({
         }
       }
       if (transitionToApp) {
-        if (!Em.isNone(router.get('preferedPath'))) {
-          window.location = router.get('preferedPath');
+        var preferredPath = router.get('preferedPath');
+        // If the preferred path is relative, allow a redirect to it.
+        // If the path is not relative, silently ignore it - if the path is an absolute URL,
the user
+        // may be routed to a different server where the [possibility exists for a phishing
attack.
+        if (!Em.isNone(preferredPath)) {
+          if (preferredPath.startsWith('/') || preferredPath.startsWith('#')) {
+            console.log("INFO: Routing to preferred path: " + preferredPath);
+          }
+          else {
+            console.log("WARNING: Ignoring preferred path since it is not a relative URL:
" + preferredPath);
+            preferredPath = null;
+          }
+
+          // Unset preferedPath
           router.set('preferedPath', null);
+        }
+
+        if (!Em.isNone(preferredPath)) {
+          window.location = preferredPath;
         } else {
           router.getSection(function (route) {
             router.transitionTo(route);


Mime
View raw message