binarybeach/bb-plane-fork
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
bb-plane-fork/apps/api/plane/utils
History
Nikhil 6d3d9e6df7
[WEB-4943]: add url has allowed host or scheme for validating valid redirections (#7809) 
* feat: enhance path validation and URL safety in path_validator.py

* Added get_allowed_hosts function to retrieve allowed hosts from settings.
* Updated get_safe_redirect_url to validate URLs against allowed hosts.
* Improved URL construction logic for safer redirection handling.

* feat: enhance URL validation in authentication views

* Added url_has_allowed_host_and_scheme checks in SignUpAuthSpaceEndpoint and MagicSignInSpaceEndpoint for safer redirection.
* Updated redirect logic to fallback to base host if the constructed URL is not allowed.
* Improved overall URL safety and handling in authentication flows.

* fix: improve host extraction in get_allowed_hosts function

* Updated get_allowed_hosts to extract only the host from ADMIN_BASE_URL and SPACE_BASE_URL settings for better URL validation.
* Enhanced overall safety and clarity in allowed hosts retrieval.
2025-09-16 21:37:08 +05:30
..
core [WEB-4533] feat: read replica functionality (#7453) 2025-07-28 17:41:02 +05:30
openapi [WEB-4045] feat: restructuring of the external APIs for better maintainability (#7477) 2025-07-25 00:17:05 +05:30
__init__.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
analytics_plot.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
build_chart.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
cache.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
color.py [WEB-4566] feat: add background color and goals field to Profile and Workspace models #7485 2025-07-27 21:10:31 +05:30
constants.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
content_validator.py chore: added attributes in ol tag (#7736) 2025-09-08 17:17:38 +05:30
date_utils.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
error_codes.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
exception_logger.py [WEB-4380] chore: work item link sentry error (#7316) 2025-07-08 15:43:42 +05:30
global_paginator.py chore: format files using prettier (#7364) 2025-07-08 20:41:11 +05:30
grouper.py [WEB-4129] fix: work item filter assignees missing fields #7698 2025-09-03 18:36:04 +05:30
host.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
html_processor.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
imports.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
ip_address.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
issue_filters.py [WEB-4875] fix: unsubscribed work items on workspace subscribed work item filter #7775 2025-09-11 17:52:51 +05:30
issue_relation_mapper.py [WIKI-659] chore: added issue relation and page sort order (#7784) 2025-09-15 18:36:00 +05:30
issue_search.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
logging.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
markdown.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
order_queryset.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
paginator.py [WEB-4430] fix: incorrect WI count while scrolling (#7596) 2025-08-20 18:54:32 +05:30
path_validator.py [WEB-4943]: add url has allowed host or scheme for validating valid redirections (#7809) 2025-09-16 21:37:08 +05:30
telemetry.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
timezone_converter.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
url.py [WEB-4452] fix: enhance URL detection logic in contains_url function (#7352) 2025-07-08 18:28:47 +05:30
uuid.py chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30