Class SafeRedirectChecker

java.lang.Object
  com.atlassian.jira.web.action.SafeRedirectChecker

@PublicApi
public final class SafeRedirectChecker

Contains methods that check whether a particular redirect is "safe" or not.
Constructor Summary

SafeRedirectChecker(VelocityRequestContextFactory velocityRequestContextFactory)
    Creates a new SafeRedirectChecker.
Method Summary

boolean canRedirectTo(String redirectUri)
    Returns a boolean indicating whether redirecting to the given URI is allowed or not.

protected String getCanonicalBaseURL()
    Returns the canonical base URL for JIRA.

String makeSafeRedirectUrl(String redirectUrl)
    Constructs a safe redirect URL out of user-provided input.
Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

public SafeRedirectChecker(VelocityRequestContextFactory velocityRequestContextFactory)

Parameters:
velocityRequestContextFactory - a VelocityRequestContextFactory

Method Detail
public boolean canRedirectTo(@Nullable String redirectUri)

Returns false if redirectUri is an absolute URI and it points to a domain that is not this JIRA instance's domain, and true otherwise. If the URI is in the form //xxx then it is not allowed, as per JRA-27405.

Parameters:
redirectUri - a String containing a URI
@Nullable
public String makeSafeRedirectUrl(@Nullable String redirectUrl)

Constructs a safe redirect URL out of user-provided input. If redirectUrl does not meet the conditions for a safe redirect, this method returns null. This is used to prevent open redirect attacks, which facilitate phishing attacks against JIRA users.

Specified by:
makeSafeRedirectUrl in interface RedirectSanitiser

Parameters:
redirectUrl - a String containing the redirect URL
protected String getCanonicalBaseURL()

Returns the canonical base URL for JIRA.
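As an added illustration (not the JIRA class's own source, which this page does not show), a stand-alone Java stand-in that applies the rules documented for canRedirectTo and makeSafeRedirectUrl: relative URIs pass, absolute URIs pass only when their host matches the instance's canonical base URL, and the protocol-relative //xxx form is rejected. It takes the canonical base URL as a plain String instead of a VelocityRequestContextFactory, treats null and unparseable input as unsafe, and, as an assumption stricter than the page's wording, rejects absolute URIs with non-http(s) schemes.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

// Hypothetical stand-in for SafeRedirectChecker, not the JIRA implementation.
// The real class obtains the base URL via VelocityRequestContextFactory; here
// the canonical base URL is passed in directly (assumption for this example).
public final class RedirectCheckExample {
    private final URI canonicalBase;

    public RedirectCheckExample(String canonicalBaseUrl) {
        this.canonicalBase = URI.create(canonicalBaseUrl);
    }

    /** Mirrors canRedirectTo: false for other-domain absolute URIs and //host forms. */
    public boolean canRedirectTo(String redirectUri) {
        if (redirectUri == null) {
            return false; // assumption: null is treated as unsafe
        }
        String trimmed = redirectUri.trim();
        // Protocol-relative form (//xxx) is rejected outright, as per JRA-27405.
        if (trimmed.startsWith("//")) {
            return false;
        }
        URI uri;
        try {
            uri = new URI(trimmed);
        } catch (URISyntaxException e) {
            return false; // unparseable input is not a safe redirect target
        }
        if (!uri.isAbsolute()) {
            return true; // relative URI: stays within this JIRA instance
        }
        // Absolute URI: allowed only when it points back at this instance's domain.
        // Assumption, stricter than the page's wording: non-http(s) schemes are rejected.
        String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            return false;
        }
        String host = uri.getHost();
        return host != null && host.equalsIgnoreCase(canonicalBase.getHost());
    }

    /** Mirrors makeSafeRedirectUrl: returns the input when it is safe, otherwise null. */
    public String makeSafeRedirectUrl(String redirectUrl) {
        return canRedirectTo(redirectUrl) ? redirectUrl : null;
    }
}
```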