module LinkedinSignIn::RedirectProtector

Constants

QUALIFIED_URL_PATTERN

Public Instance Methods

ensure_same_origin(target, source)
# File lib/linkedin_sign_in/redirect_protector.rb, line 11
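# Rejects a redirect target that is missing or that points at a different
# origin (scheme, host and port) than the request it came from.
#
# Only targets that match QUALIFIED_URL_PATTERN are origin-checked; any other
# non-blank target is accepted unchanged.
#
# NOTE(review): the definition of QUALIFIED_URL_PATTERN is not visible here.
# Confirm that every target form a browser resolves to another host (for
# example scheme-relative "//host/path") is matched by it, or rejected before
# the redirect is issued; otherwise such a target skips the origin comparison.
#
# @param target [String, nil] redirect destination supplied with the request
# @param source [String] URL of the current request, the trusted origin
# @return [nil] when the target is acceptable
# @raise [Violation] when the target is blank, its origin differs from the
#   request's, or its origin cannot be determined
def ensure_same_origin(target, source)
  rejected = target.blank?

  if !rejected && target =~ QUALIFIED_URL_PATTERN
    target_origin = origin_of(target)
    # Fail closed: origin_of returns nil when it cannot build an origin, and
    # nil == nil would otherwise let two undeterminable origins count as equal.
    rejected = target_origin.nil? || target_origin != origin_of(source)
  end

  return unless rejected

  raise Violation, "Redirect target #{target.inspect} does not have same origin as request (expected #{origin_of(source)})"
end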

Private Instance Methods

origin_of(url)
# File lib/linkedin_sign_in/redirect_protector.rb, line 18
# Builds the "scheme://host:port" origin string for +url+.
#
# URI() supplies the scheme's default port when the URL carries none, so
# "https://example.com/x" and "https://example.com:443/y" share an origin.
# Components the URL lacks (e.g. a relative path has no scheme or host)
# are rendered as empty strings.
#
# Returns nil only when URI() raises ArgumentError, i.e. the argument is
# neither a URI object nor convertible to a String. A malformed URL string
# raises URI::InvalidURIError, which is not an ArgumentError and therefore
# propagates to the caller instead of yielding nil.
#
# @param url [String, URI::Generic] URL to reduce to its origin
# @return [String, nil] the origin, or nil when +url+ is not URI-like
def origin_of(url)
  begin
    parsed = URI(url)
  rescue ArgumentError
    return nil
  end

  format("%s://%s:%s", parsed.scheme, parsed.host, parsed.port)
end