nuke/lib
Xe Iaso 7ed1753fcc
fix(lib): close open redirect when in subrequest mode (#1222)
* test(nginx-external-auth): bring up to code standards

Signed-off-by: Xe Iaso <me@xeiaso.net>

* fix(lib): close open redirect when in subrequest mode

Closes GHSA-cf57-c578-7jvv

Previously Anubis had an open redirect in subrequest auth mode due to an
insufficient fix in GHSA-jhjj-2g64-px7c. This patch adds additional
validation at several steps of the flow to prevent open redirects in
subrequest auth mode as well as implements automated testing to prevent
this from occurring in the future.

* docs: update CHANGELOG

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-10-29 16:07:31 -04:00
challenge feat(metarefresh): randomly use the Refresh header (#1133) 2025-09-16 17:32:13 -04:00
localization locale: Update Nynorsk translation (#1204) 2025-10-22 12:46:46 +00:00
policy fix!(policy/checker): make List and-like (#1217) 2025-10-25 01:25:05 +00:00
store fix(store/bbolt): remove actorify (#1215) 2025-10-24 19:28:58 +00:00
testdata fix(web): embed challenge ID in pass-challenge invocations (#944) 2025-08-04 18:49:19 +00:00
thoth chore: expose thoth in lib (#911) 2025-07-25 10:58:30 -04:00
anubis.go Xe/show error state (#1203) 2025-10-21 13:10:27 -04:00
anubis_test.go fix(lib): de-flake package lib tests (#1187) 2025-10-13 11:50:13 -04:00
config.go fix(lib): enable multiple consecutive slash support (#1155) 2025-09-27 13:44:46 -04:00
config_test.go chore: expose thoth in lib (#911) 2025-07-25 10:58:30 -04:00
http.go fix(lib): close open redirect when in subrequest mode (#1222) 2025-10-29 16:07:31 -04:00
http_test.go feat: support HTTP redirect for forward authentication middleware in Traefik (#368) 2025-08-12 20:59:45 -04:00
redirect_security_test.go fix(lib): close open redirect when in subrequest mode (#1222) 2025-10-29 16:07:31 -04:00