fix missing domain in child-src during SAML POST logout (#2513)
This commit is contained in:
parent
5ba0c11b58
commit
913ebbd556
|
@ -2675,6 +2675,8 @@ sub sendLogoutRequestToProvider {
|
||||||
name => $providerName,
|
name => $providerName,
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
$req->data->{cspChildSrc}->{ $self->p->cspGetHost( $logout->msg_url ) }
|
||||||
|
= 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
# HTTP-SOAP
|
# HTTP-SOAP
|
||||||
|
|
|
@ -936,6 +936,11 @@ sub sendHtml {
|
||||||
@url = map { s#https?://([^/]+).*#$1#; $_ }
|
@url = map { s#https?://([^/]+).*#$1#; $_ }
|
||||||
( $req->info =~ /<iframe.*?src="(.*?)"/sg );
|
( $req->info =~ /<iframe.*?src="(.*?)"/sg );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Update child-src header from request data
|
||||||
|
if ( ref( $req->data->{cspChildSrc} ) eq "HASH" ) {
|
||||||
|
push @url, keys %{ $req->data->{cspChildSrc} };
|
||||||
|
}
|
||||||
if (@url) {
|
if (@url) {
|
||||||
$csp .= join( ' ', 'child-src', @url, "'self'" ) . ';';
|
$csp .= join( ' ', 'child-src', @url, "'self'" ) . ';';
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user