From 38811936fe8fa42d3a870efe73504af6b70de6b4 Mon Sep 17 00:00:00 2001
From: Mark <mark@openappstack.net>
Date: Fri, 25 Oct 2019 14:24:57 +0200
Subject: [PATCH] Redirect to home when redir urls are not safe

---
 login_provider/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/login_provider/app.py b/login_provider/app.py
index 3b9bd55..ce92fa6 100644
--- a/login_provider/app.py
+++ b/login_provider/app.py
@@ -42,7 +42,7 @@ def login():
             login_user(user)
         next_url = login_form.next_url.data
         if not is_safe_url(next_url):
-            return abort(400)
+            return redirect(url_for('home'))
         return redirect(next_url or url_for('home'))
     login_form.next_url.data = request.args.get('next')
     return render_template('login.html', login_form=login_form)
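Review bot: The unsafe-`next_url` branch now returns an ordinary redirect without recording anything, so a rejected target, which previously stood out as a 400 in the access log, leaves no trace for anyone monitoring open-redirect or phishing attempts against the login page. Log it before redirecting, e.g. `current_app.logger.warning('Rejected unsafe next_url %r at login', next_url)`; `%r` escapes control characters in the user-supplied value, and `current_app` needs importing from flask if the module does not already have it. Since a bad value now ends at home either way, the check could also collapse to `if not is_safe_url(next_url): next_url = None`, followed by the existing `return redirect(next_url or url_for('home'))`. `is_safe_url` is defined outside the hunk, so how it treats an empty or missing `next` cannot be confirmed here, and login()'s body starts above the hunk.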
-- 
GitLab