Sha256: a27bb35eccf82cf99987a5177fe1fb8de74aa13053308b71c67109c60a7c2cb9

Contents?: true

Size: 629 Bytes

Versions: 3

Compression:

Stored size: 629 Bytes

Contents

require 'uri'

module LinkedinSignIn
  module RedirectProtector
    extend self

    class Violation < StandardError; end

    # Matches only fully qualified (absolute) URLs such as "https://example.com/path".
    # Relative targets like "/dashboard" do not match and are left alone by
    # ensure_same_origin, since they cannot leave the current host.
    QUALIFIED_URL_PATTERN = /\A#{URI::DEFAULT_PARSER.make_regexp}\z/

    # Raises Violation when target is an absolute URL whose origin
    # (scheme, host and port) differs from the origin of source,
    # typically the URL of the current request. A nil or relative target
    # never matches the pattern and therefore never raises.
    def ensure_same_origin(target, source)
      if target =~ QUALIFIED_URL_PATTERN && origin_of(target) != origin_of(source)
        raise Violation, "Redirect target #{target} does not have same origin as request (expected #{origin_of(source)})"
      end
    end

    private
      # Origin as "scheme://host:port". URI fills in the scheme's default port,
      # so "https://example.com" and "https://example.com:443" compare equal.
      # Returns nil when url is neither a String nor a URI (URI() raises
      # ArgumentError for such arguments).
      def origin_of(url)
        uri = URI(url)
        "#{uri.scheme}://#{uri.host}:#{uri.port}"
      rescue ArgumentError
        nil
      end
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version                 Path
linkedin_sign_in-0.4.0  lib/linkedin_sign_in/redirect_protector.rb
linkedin_sign_in-0.3.1  lib/linkedin_sign_in/redirect_protector.rb
linkedin_sign_in-0.3    lib/linkedin_sign_in/redirect_protector.rb