Posted to commits@ambari.apache.org by rl...@apache.org on 2015/09/10 17:19:37 UTC
ambari git commit: AMBARI-13056. Ambari should use relative URLs when
specifying target after login (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 335dcb1ed -> 6688cb6f1
AMBARI-13056. Ambari should use relative URLs when specifying target after login (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6688cb6f
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6688cb6f
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6688cb6f
Branch: refs/heads/trunk
Commit: 6688cb6f1dbcc4033f83f6b5ce3641d5e71205ae
Parents: 335dcb1
Author: Robert Levas <rl...@hortonworks.com>
Authored: Thu Sep 10 11:19:25 2015 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Thu Sep 10 11:19:25 2015 -0400
----------------------------------------------------------------------
ambari-web/app/router.js | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/6688cb6f/ambari-web/app/router.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/router.js b/ambari-web/app/router.js
index f73cd7d..9c248f1 100644
--- a/ambari-web/app/router.js
+++ b/ambari-web/app/router.js
@@ -345,10 +345,25 @@ App.Router = Em.Router.extend({
}
App.set('isPermissionDataLoaded', true);
if (transitionToApp) {
- if (!Em.isNone(router.get('preferedPath')) &&
- router.get('preferedPath') != "#/login") {
- window.location = router.get('preferedPath');
+ var preferredPath = router.get('preferedPath');
+ // If the preferred path is relative, allow a redirect to it.
+ // If the path is not relative, silently ignore it - if the path is an absolute URL, the user
+ // may be routed to a different server where the [possibility exists for a phishing attack.
+ if (!Em.isNone(preferredPath)) {
+ if (preferredPath.startsWith('/') || preferredPath.startsWith('#')) {
+ console.log("INFO: Routing to preferred path: " + preferredPath);
+ }
+ else {
+ console.log("WARNING: Ignoring preferred path since it is not a relative URL: " + preferredPath);
+ preferredPath = null;
+ }
+
+ // Unset preferedPath
router.set('preferedPath', null);
+ }
+
+ if (!Em.isNone(preferredPath)) {
+ window.location = preferredPath;
} else {
router.getSection(function (route) {
router.transitionTo(route);
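Review bot: The relative-path test on the `preferredPath.startsWith('/')` line also accepts scheme-relative values such as `//host/path`, which a browser resolves to a different origin, so the off-site redirect this commit is meant to block is still possible. Tighten the condition to reject a second slash or a backslash after the leading one, e.g. `if ((preferredPath.startsWith('/') && !/^\/[\/\\]/.test(preferredPath)) || preferredPath.startsWith('#')) {`. The old exclusion of `"#/login"` is also gone, and because that value starts with `#` it is now accepted as a redirect target; restore the exclusion unless dropping it was intended. `String.prototype.startsWith` is ES6, so if the UI still has to run in older browsers, `preferredPath.indexOf('/') === 0` is the safer spelling. The enclosing callback starts and ends outside the hunk.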