fix missing domain in child-src during SAML POST logout (#2513)
parent
5ba0c11b58
commit
913ebbd556
|
@ -2675,6 +2675,8 @@ sub sendLogoutRequestToProvider {
|
|||
name => $providerName,
|
||||
}
|
||||
);
|
||||
$req->data->{cspChildSrc}->{ $self->p->cspGetHost( $logout->msg_url ) }
|
||||
= 1;
|
||||
}
|
||||
|
||||
# HTTP-SOAP
|
||||
|
|
|
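Review bot: The result of `$self->p->cspGetHost( $logout->msg_url )` is used as a hash key without checking that it is defined and non-empty. cspGetHost is not shown on this page, but if it can return undef or an empty string for a logout URL it cannot parse, the added lines store an empty key that sendHtml later joins into the `child-src` directive. A guarded form would be `my $host = $self->p->cspGetHost( $logout->msg_url );` followed by `$req->data->{cspChildSrc}->{$host} = 1 if $host;`. A short comment such as `# Allow the provider's SLO endpoint in child-src for the POST logout` would also explain why the host is registered here. sendLogoutRequestToProvider starts and ends outside the hunk.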
@ -936,6 +936,11 @@ sub sendHtml {
|
|||
@url = map { s#https?://([^/]+).*#$1#; $_ }
|
||||
( $req->info =~ /<iframe.*?src="(.*?)"/sg );
|
||||
}
|
||||
|
||||
# Update child-src header from request data
|
||||
if ( ref( $req->data->{cspChildSrc} ) eq "HASH" ) {
|
||||
push @url, keys %{ $req->data->{cspChildSrc} };
|
||||
}
|
||||
if (@url) {
|
||||
$csp .= join( ' ', 'child-src', @url, "'self'" ) . ';';
|
||||
}
|
||||
|
|
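Review bot: The keys of `$req->data->{cspChildSrc}` are appended to the `child-src` directive without validation, so a key containing whitespace, `;` or a line break would add extra sources or whole directives to the Content-Security-Policy header. The only writer visible in this commit stores the result of cspGetHost, but the hash is per-request data that other code could fill, so filtering at the point of use is cheap defence in depth: `push @url, grep { m{\A[\w.:/\[\]*-]+\z} } keys %{ $req->data->{cspChildSrc} };`. Hosts already extracted from the iframe `src` attributes may reappear as hash keys, so deduplicating `@url` before the join would keep the header free of repeats. sendHtml starts and ends outside the hunk.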