You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2015/09/10 17:19:37 UTC

ambari git commit: AMBARI-13056. Ambari should use relative URLs when specifying target after login (rlevas)

Repository: ambari
Updated Branches:
  refs/heads/trunk 335dcb1ed -> 6688cb6f1


AMBARI-13056. Ambari should use relative URLs when specifying target after login (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6688cb6f
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6688cb6f
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6688cb6f

Branch: refs/heads/trunk
Commit: 6688cb6f1dbcc4033f83f6b5ce3641d5e71205ae
Parents: 335dcb1
Author: Robert Levas <rl...@hortonworks.com>
Authored: Thu Sep 10 11:19:25 2015 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Thu Sep 10 11:19:25 2015 -0400

----------------------------------------------------------------------
 ambari-web/app/router.js | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/6688cb6f/ambari-web/app/router.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/router.js b/ambari-web/app/router.js
index f73cd7d..9c248f1 100644
--- a/ambari-web/app/router.js
+++ b/ambari-web/app/router.js
@@ -345,10 +345,25 @@ App.Router = Em.Router.extend({
       }
       App.set('isPermissionDataLoaded', true);
       if (transitionToApp) {
-        if (!Em.isNone(router.get('preferedPath')) &&
-            router.get('preferedPath') != "#/login") {
-          window.location = router.get('preferedPath');
+        var preferredPath = router.get('preferedPath');
+        // If the preferred path is relative, allow a redirect to it.
+        // If the path is not relative, silently ignore it - if the path is an absolute URL, the user
+        // may be routed to a different server where the [possibility exists for a phishing attack.
+        if (!Em.isNone(preferredPath)) {
+          if (preferredPath.startsWith('/') || preferredPath.startsWith('#')) {
+            console.log("INFO: Routing to preferred path: " + preferredPath);
+          }
+          else {
+            console.log("WARNING: Ignoring preferred path since it is not a relative URL: " + preferredPath);
+            preferredPath = null;
+          }
+
+          // Unset preferedPath
           router.set('preferedPath', null);
+        }
+
+        if (!Em.isNone(preferredPath)) {
+          window.location = preferredPath;
         } else {
           router.getSection(function (route) {
             router.transitionTo(route);