Move open redirect fix to asgi_send_redirect, refs #2429

See https://github.com/simonw/datasette/pull/2500#issuecomment-3488632278
Simon Willison 2025-11-04 17:08:06 -08:00
commit 8b371495dc
3 changed files with 7 additions and 7 deletions


@ -2150,11 +2150,6 @@ class DatasetteRouter:
context = {}
if path.endswith(b"/"):
path = path.rstrip(b"/")
# If you redirect with a // at the beginning, you end up with an open redirect, so
# https://my.site//foo/ - will redirect to https://foo
path = re.sub(rb"^/+", b"/", path)
if request.scope["query_string"]:
path += b"?" + request.scope["query_string"]
await asgi_send_redirect(send, path.decode("latin1"))