github/zot

Fork 0

mirror of https://github.com/project-zot/zot.git synced 2026-06-18 05:28:07 +08:00

Commit Graph

Author	SHA1	Message	Date
Andrei Aaron	9425ca8b7d	fix(auth): prevent open redirect via callback_ui (#3844 ) Validate callback_ui and default invalid values to /. Allow absolute callback_ui only when its origin is allowlisted via http.auth.openid.callbackAllowOrigins (and externalUrl). Add/adjust unit + controller tests and update examples/docs for relative vs allowlisted absolute redirect Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>	2026-03-08 08:13:16 +02:00
Ramkumar Chinchani	47659c11b2	feat(tls): implement dynamic TLS certificate reloading with file watching (#3792 ) Fixes issue #3747 Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>	2026-02-15 13:01:50 -08:00

Author

SHA1

Message

Date

Andrei Aaron

9425ca8b7d

fix(auth): prevent open redirect via callback_ui (#3844 )

Validate callback_ui and default invalid values to /.
Allow absolute callback_ui only when its origin is allowlisted via http.auth.openid.callbackAllowOrigins (and externalUrl).
Add/adjust unit + controller tests and update examples/docs for relative vs allowlisted absolute redirect

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

2026-03-08 08:13:16 +02:00

Ramkumar Chinchani

47659c11b2

feat(tls): implement dynamic TLS certificate reloading with file watching (#3792 )

Fixes issue #3747

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

2026-02-15 13:01:50 -08:00

2 Commits