pomegranited commented on code in PR #31692:
URL: https://github.com/apache/superset/pull/31692#discussion_r2021976952
##########
superset/utils/urls.py:
##########
@@ -62,3 +62,20 @@ def is_secure_url(url: str) -> bool:
"""
parsed_url = urlparse(url)
return parsed_url.scheme == "https"
+
+
+def is_safe_redirect_url(source_url: str, target_url: str) -> bool:
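Review bot: At `def is_safe_redirect_url(source_url: str, target_url: str) -> bool:` the hunk as shown carries no docstring, so the rule for "safe" is not stated where callers will read it. Suggest a docstring that says which parts of `target_url` are compared against `source_url` (scheme, host, or both) and how a relative or scheme-relative target such as `//host/path` is treated, since `urlparse`, used just above in `is_secure_url`, returns an empty scheme and a non-empty netloc for that form. Because the function returns only a `bool`, the caller still redirects to whatever string it holds; if the check normalises or joins the target, consider returning the normalised URL so the value that was checked is the value that is used.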
Review Comment:
Easy done, thank you for this security fix @mistercrunch! Applied with
[08010c9](https://github.com/apache/superset/pull/31692/commits/08010c9755ac5485a3480d615437d28cafacdcc7)
However, should we use the joined `target_url` when doing the actual
redirect?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]