authelia

Commit Graph

Author	SHA1	Message	Date
Clement Michaud	42581dfe93	Fix open redirection vulnerability. In order to redirect the user after authentication, Authelia uses rd query parameter provided by the proxy. However an attacker could use phishing to make the user be redirected to a bad domain. In order to avoid the user to be redirected to a bad location, Authelia now verifies the redirection URL is under the protected domain.	2018-11-17 17:48:20 +01:00
Clément Michaud	c503765dd6	Implement retry mechanism for broken connections to mongo (#258 ) Before this patch, when Authelia started, if Mongo was not up and running, Authelia failed to connect and never retried. Now, everytime Authelia faces a broken connection, it tries to reconnect during the next operation.	2018-08-19 16:51:36 +02:00

Author

SHA1

Message

Date

Clement Michaud

42581dfe93

Fix open redirection vulnerability.

In order to redirect the user after authentication, Authelia uses
rd query parameter provided by the proxy. However an attacker could
use phishing to make the user be redirected to a bad domain. In order
to avoid the user to be redirected to a bad location, Authelia now
verifies the redirection URL is under the protected domain.

2018-11-17 17:48:20 +01:00

Clément Michaud

c503765dd6

Implement retry mechanism for broken connections to mongo (#258 )

Before this patch, when Authelia started, if Mongo was not
up and running, Authelia failed to connect and never retried.
Now, everytime Authelia faces a broken connection, it tries
to reconnect during the next operation.

2018-08-19 16:51:36 +02:00

2 Commits (fe14bde29b4b44774c00f7d5ab2ab05011237d6e)