Merge pull request #12569 from abpframework/maliming/ReturnUrl
Check the `ReturnUrl` on `Manage` page.
pull/12574/head
Galip Tolga Erdem
4 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with
11 additions and
2 deletions
-
framework/src/Volo.Abp.UI.Navigation/Volo/Abp/Ui/Navigation/Urls/AppUrlProvider.cs
-
modules/account/src/Volo.Abp.Account.Web/Pages/Account/Manage.cshtml.cs
|
|
|
@ -45,7 +45,7 @@ public class AppUrlProvider : IAppUrlProvider, ITransientDependency |
|
|
|
|
|
|
|
public bool IsRedirectAllowedUrl(string url) |
|
|
|
{ |
|
|
|
var allow = Options.RedirectAllowedUrls.Any(url.StartsWith); |
|
|
|
var allow = Options.RedirectAllowedUrls.Any(x => url.StartsWith(x, StringComparison.CurrentCultureIgnoreCase)); |
|
|
|
if (!allow) |
|
|
|
{ |
|
|
|
Logger.LogError($"Invalid RedirectUrl: {url}, Use {nameof(AppUrlProvider)} to configure it!"); |
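Review bot: The new comparison in `IsRedirectAllowedUrl` uses `StringComparison.CurrentCultureIgnoreCase`, which makes a redirect allow-list decision depend on the server's culture settings. URL matching should be ordinal, e.g. `url.StartsWith(x, StringComparison.OrdinalIgnoreCase)`. A plain prefix test also does not stop at a host boundary, so an allow-list entry configured without a trailing `/` accepts any URL that merely begins with the same characters; comparing the parsed scheme and authority, or requiring the next character to be `/`, `?`, `#` or end of string, would close that gap. Both points also apply to the `ReturnUrl.StartsWith(...)` clause added in Manage.cshtml.cs, where `RemovePostFix("/")` strips the trailing slash and no `StringComparison` is passed. The method body continues past the end of this hunk.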
|
|
|
|
|
|
|
@ -1,5 +1,7 @@ |
|
|
|
using System.ComponentModel.DataAnnotations; |
|
|
|
using System; |
|
|
|
using System.ComponentModel.DataAnnotations; |
|
|
|
using System.Threading.Tasks; |
|
|
|
using Microsoft.AspNetCore.Http.Extensions; |
|
|
|
using Volo.Abp.Identity; |
|
|
|
using Microsoft.AspNetCore.Mvc; |
|
|
|
using Microsoft.Extensions.Options; |
|
|
|
@ -32,6 +34,13 @@ public class ManageModel : AccountPageModel |
|
|
|
await contributor.ConfigureAsync(ProfileManagementPageCreationContext); |
|
|
|
} |
|
|
|
|
|
|
|
if (!Url.IsLocalUrl(ReturnUrl) && |
|
|
|
!ReturnUrl.StartsWith(UriHelper.BuildAbsolute(Request.Scheme, Request.Host, Request.PathBase).RemovePostFix("/")) && |
|
|
|
!AppUrlProvider.IsRedirectAllowedUrl(ReturnUrl)) |
|
|
|
{ |
|
|
|
ReturnUrl = null; |
|
|
|
} |
|
|
|
|
|
|
|
return Page(); |
|
|
|
} |
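Review bot: The second clause of the new condition dereferences `ReturnUrl` without a null check. `Url.IsLocalUrl` returns false for a null or empty string, so a request that carries no return URL would reach `ReturnUrl.StartsWith(...)` and throw. The declaration of `ReturnUrl` is outside the hunk, so this assumes it is an optional bound value; if it is, start the condition with `if (!string.IsNullOrEmpty(ReturnUrl) && !Url.IsLocalUrl(ReturnUrl) &&`. A one-line comment above the `if`, such as `// Drop ReturnUrl unless it is local, same-origin, or explicitly allow-listed.`, would also record why the value is cleared rather than rejected. The enclosing handler starts before the hunk.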
|
|
|
|
|
|
|
|