module LinkedinSignIn::RedirectProtector
Constants
- QUALIFIED_URL_PATTERN
Public Instance Methods
ensure_same_origin(target, source)
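# File lib/linkedin_sign_in/redirect_protector.rb, line 11
#
# Raises Violation unless +target+ is safe to redirect to after a request
# served from +source+. The redirect target is caller-supplied, so it is
# validated against an allow-list rather than a deny-list.
#
# A target is accepted only when it is either
# * a fully qualified URL (one matching QUALIFIED_URL_PATTERN) whose origin
#   equals the origin of +source+, or
# * a host-relative path: it starts with a single "/" and contains no
#   backslash, whitespace or control character.
#
# The earlier form of this check rejected only fully qualified URLs with a
# foreign origin, so any target the pattern did not match was let through,
# including scheme-relative references such as "//other.example/".
# Relative targets without a leading "/" are now rejected as well.
# NOTE(review): confirm no caller relies on passing those.
#
# @param target [String, nil] redirect destination to validate
# @param source [String] URL of the current request
# @raise [Violation] if +target+ is blank or not same-origin
# @return [nil]
def ensure_same_origin(target, source)
  permitted =
    if target.blank?
      false
    elsif target =~ QUALIFIED_URL_PATTERN
      expected = origin_of(source)
      # Fail closed when the request origin could not be determined, so two
      # nil origins never compare as equal.
      !expected.nil? && origin_of(target) == expected
    else
      # Single leading slash only: "//host" and "/\host" can be resolved
      # against a different host by browsers.
      target.match?(%r{\A/(?![/\\])[^\\\s[:cntrl:]]*\z})
    end

  return if permitted

  raise Violation, "Redirect target #{target.inspect} does not have same origin as request (expected #{origin_of(source)})"
end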
Private Instance Methods
origin_of(url)
# File lib/linkedin_sign_in/redirect_protector.rb, line 18
#
# Builds the origin string "scheme://host:port" for +url+.
#
# Missing components interpolate as empty strings, so a path-only input
# yields "://:" rather than nil. Returns nil only when URI() raises
# ArgumentError (for example when +url+ is nil). A string that URI() cannot
# parse raises URI::InvalidURIError, which is not rescued here and
# propagates to the caller.
#
# @param url [String, URI] URL to reduce to its origin
# @return [String, nil]
def origin_of(url)
  begin
    parsed = URI(url)
    [parsed.scheme, "://", parsed.host, ":", parsed.port].join
  rescue ArgumentError
    nil
  end
end