Class: Archipelago::Security::RedirectValidator

Inherits:

Object

Object
Archipelago::Security::RedirectValidator

show all

Defined in:: lib/archipelago/security/redirect_validator.rb

Instance Method Summary collapse

#initialize(configuration: Archipelago.configuration) ⇒ RedirectValidator constructor

A new instance of RedirectValidator.
#validate!(location) ⇒ Object

Constructor Details

#initialize(configuration: Archipelago.configuration) ⇒ `RedirectValidator`

Returns a new instance of RedirectValidator.



6
7
8

# File 'lib/archipelago/security/redirect_validator.rb', line 6

def initialize(configuration: Archipelago.configuration)
  @configuration = configuration
end

Instance Method Details

#validate!(location) ⇒ `Object`

# File 'lib/archipelago/security/redirect_validator.rb', line 10

def validate!(location)
  return location if relative_path?(location)

  uri = URI.parse(location)
  unless uri.is_a?(URI::HTTP) && @configuration.allowed_redirect_hosts.include?(uri.host)
    raise Archipelago::InvalidRedirect, "Unsafe redirect host"
  end

  location
rescue URI::InvalidURIError
  raise Archipelago::InvalidRedirect, "Invalid redirect URI"
end

Class: Archipelago::Security::RedirectValidator

Instance Method Summary collapse

Constructor Details

#initialize(configuration: Archipelago.configuration) ⇒ RedirectValidator

Instance Method Details

#validate!(location) ⇒ Object

#initialize(configuration: Archipelago.configuration) ⇒ `RedirectValidator`

#validate!(location) ⇒ `Object`