Details
- Bug
- Status: Open
- Major
- Resolution: Unresolved
- 2.5.0, trunk, 2.6.2
- None
Description
The default 'knoxsso.redirect.whitelist.regex' is set to require a port number, meaning it won't work for redirects to normal HTTP and HTTPS on :80 and :443:
^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$
Proposal is to make the port optional and validate that anything after the host or port starts with /.
^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1)(:[0-9]+)?(\/|\/.*)?$
Pull request with the change: https://github.com/apache/ambari/pull/484
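
The two patterns above, run side by side over a set of redirect URLs. This is an added example, not code from the issue or the pull request; the sample URLs are constructed, and whole-string matching (`re.fullmatch`) is an assumption about how the whitelist is applied.

```python
import re

# Patterns copied verbatim from the issue description.
CURRENT_DEFAULT = r"^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$"
PROPOSED = r"^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1)(:[0-9]+)?(\/|\/.*)?$"

# Constructed sample redirect targets (not taken from the issue).
SAMPLES = [
    "https://localhost/ambari",             # default HTTPS port, no explicit port
    "http://127.0.0.1",                     # default HTTP port, no path
    "https://localhost:8443/ambari",        # explicit port and path
    "http://localhost:8080",                # explicit port, no path
    "https://localhost:8443.example.com/",  # text after the port does not start with /
    "https://localhost.example.com/",       # text after the host does not start with /
    "https://example.com/",                 # host not in the whitelist
]


def allowed(pattern, url):
    """Return True if the whole URL matches the whitelist pattern.

    Assumption: the whitelist is applied as a full-string match.
    """
    return re.fullmatch(pattern, url) is not None


def compare(urls=SAMPLES):
    """Return (url, allowed_by_current_default, allowed_by_proposed) tuples."""
    return [(u, allowed(CURRENT_DEFAULT, u), allowed(PROPOSED, u)) for u in urls]


if __name__ == "__main__":
    for url, old, new in compare():
        print(f"{url:40} current={old!s:5} proposed={new}")
```

A table like this works well as a regression test whenever the whitelist value is changed in a deployment.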