bb-plane-fork/apps/api/plane
Nikhil 6d3d9e6df7
[WEB-4943]: add url has allowed host or scheme for validating valid redirections (#7809)
* feat: enhance path validation and URL safety in path_validator.py

* Added get_allowed_hosts function to retrieve allowed hosts from settings.
* Updated get_safe_redirect_url to validate URLs against allowed hosts.
* Improved URL construction logic for safer redirection handling.

* feat: enhance URL validation in authentication views

* Added url_has_allowed_host_and_scheme checks in SignUpAuthSpaceEndpoint and MagicSignInSpaceEndpoint for safer redirection.
* Updated redirect logic to fall back to base host if the constructed URL is not allowed.
* Improved overall URL safety and handling in authentication flows.

* fix: improve host extraction in get_allowed_hosts function

* Updated get_allowed_hosts to extract only the host from ADMIN_BASE_URL and SPACE_BASE_URL settings for better URL validation.
* Enhanced overall safety and clarity in allowed hosts retrieval.
2025-09-16 21:37:08 +05:30
..
analytics chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
api feat: added support for expanding updated_by in work item (#7667) 2025-08-29 16:41:54 +05:30
app [WEB-4723] fix: disable project features on project create (#7625) 2025-09-12 13:01:03 +05:30
authentication [WEB-4943]: add url has allowed host or scheme for validating valid redirections (#7809) 2025-09-16 21:37:08 +05:30
bgtasks [WEB-4723] fix: disable project features on project create (#7625) 2025-09-12 13:01:03 +05:30
db [WIKI-659] chore: added issue relation and page sort order (#7784) 2025-09-15 18:36:00 +05:30
license [WEB-4900]: validated authentication redirection paths (#7798) 2025-09-16 00:01:06 +05:30
middleware [WEB-4533] feat: read replica functionality (#7453) 2025-07-28 17:41:02 +05:30
seeds/data chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
settings [WEB-4720] fix: mongo connection class to initialize mongo db #7652 2025-08-28 13:57:16 +05:30
space [WEB-4780] chore: changed the html validation (#7648) 2025-08-27 00:38:25 +05:30
static chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
tests [WEB-4668] fix: LabelDetailAPIEndpoint from LabelListCreateAPIEndpoint (#7571) 2025-08-12 14:43:14 +05:30
utils [WEB-4943]: add url has allowed host or scheme for validating valid redirections (#7809) 2025-09-16 21:37:08 +05:30
web chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
__init__.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
asgi.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
celery.py [WEB-4720] chore: refactor and extend cleanup tasks for logs and versions (#7604) 2025-08-24 15:13:49 +05:30
urls.py [WEB-4045] feat: restructuring of the external APIs for better maintainability (#7477) 2025-07-25 00:17:05 +05:30
wsgi.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30