Skip to content

fix: redirects must not be to ip addresses#1984

Merged
hf merged 1 commit into
masterfrom
hf/fix-redirect-ip-address
Apr 14, 2025
Merged

fix: redirects must not be to ip addresses#1984
hf merged 1 commit into
masterfrom
hf/fix-redirect-ip-address

Conversation

@hf

@hf hf commented Apr 9, 2025

Copy link
Copy Markdown
Contributor

Properly fixes the attempt in #1974

@hf hf requested a review from a team as a code owner April 9, 2025 14:27
@hf hf force-pushed the hf/fix-redirect-ip-address branch 2 times, most recently from 384cbc3 to 88dcdac Compare April 9, 2025 14:45
@coveralls

coveralls commented Apr 9, 2025

Copy link
Copy Markdown

Pull Request Test Coverage Report for Build 14441975543

Details

  • 10 of 10 (100.0%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.01%) to 68.101%

Totals Coverage Status
Change from base Build 14384966916: 0.01%
Covered Lines: 10538
Relevant Lines: 15474

💛 - Coveralls

@hf hf force-pushed the hf/fix-redirect-ip-address branch from 88dcdac to 05336e8 Compare April 10, 2025 09:19
Comment thread internal/utilities/request_test.go Outdated
@hf hf force-pushed the hf/fix-redirect-ip-address branch from 05336e8 to f84b58f Compare April 14, 2025 09:15
@hf hf merged commit 347e23a into master Apr 14, 2025
@hf hf deleted the hf/fix-redirect-ip-address branch April 14, 2025 09:28
hf pushed a commit that referenced this pull request Apr 15, 2025
🤖 I have created a release *beep* *boop*
---


##
[2.171.0](v2.170.0...v2.171.0)
(2025-04-14)


### Features

* add sign in with solana (EIP-4361) support
([#1918](#1918))
([d121546](d121546))
* allow invalid config directories
([#1969](#1969))
([6b842f6](6b842f6))
* allow limiting lifespan of low-aal sessions
([#1942](#1942))
([d7a9ca6](d7a9ca6))
* Block specific outgoing mail servers
([#1971](#1971))
([091aef9](091aef9))
* refactor hooks out of api package
([#1976](#1976))
([c5904c0](c5904c0))
* separate web3 rate limits from other `/token?grant_type=...`
([#1985](#1985))
([8b23382](8b23382))


### Bug Fixes

* explicit permisions on actions
([#1978](#1978))
([06e9ead](06e9ead))
* propagate error when when confirming phone
([#1939](#1939))
([e882b42](e882b42))
* redirects must not be to ip addresses
([#1984](#1984))
([347e23a](347e23a))
* sanitize redirect URL (remove fragment, query) before pattern matching
([#1974](#1974))
([ccf20d7](ccf20d7))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
wdoppenberg pushed a commit to wdoppenberg/supabase-auth that referenced this pull request Jun 5, 2025
wdoppenberg pushed a commit to wdoppenberg/supabase-auth that referenced this pull request Jun 5, 2025
🤖 I have created a release *beep* *boop*
---


##
[2.171.0](supabase/auth@v2.170.0...v2.171.0)
(2025-04-14)


### Features

* add sign in with solana (EIP-4361) support
([supabase#1918](supabase#1918))
([d121546](supabase@d121546))
* allow invalid config directories
([supabase#1969](supabase#1969))
([6b842f6](supabase@6b842f6))
* allow limiting lifespan of low-aal sessions
([supabase#1942](supabase#1942))
([d7a9ca6](supabase@d7a9ca6))
* Block specific outgoing mail servers
([supabase#1971](supabase#1971))
([091aef9](supabase@091aef9))
* refactor hooks out of api package
([supabase#1976](supabase#1976))
([c5904c0](supabase@c5904c0))
* separate web3 rate limits from other `/token?grant_type=...`
([supabase#1985](supabase#1985))
([8b23382](supabase@8b23382))


### Bug Fixes

* explicit permisions on actions
([supabase#1978](supabase#1978))
([06e9ead](supabase@06e9ead))
* propagate error when when confirming phone
([supabase#1939](supabase#1939))
([e882b42](supabase@e882b42))
* redirects must not be to ip addresses
([supabase#1984](supabase#1984))
([347e23a](supabase@347e23a))
* sanitize redirect URL (remove fragment, query) before pattern matching
([supabase#1974](supabase#1974))
([ccf20d7](supabase@ccf20d7))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
cemalkilic pushed a commit that referenced this pull request Aug 7, 2025
cemalkilic pushed a commit that referenced this pull request Aug 7, 2025
🤖 I have created a release *beep* *boop*
---


##
[2.171.0](v2.170.0...v2.171.0)
(2025-04-14)


### Features

* add sign in with solana (EIP-4361) support
([#1918](#1918))
([d121546](d121546))
* allow invalid config directories
([#1969](#1969))
([6b842f6](6b842f6))
* allow limiting lifespan of low-aal sessions
([#1942](#1942))
([d7a9ca6](d7a9ca6))
* Block specific outgoing mail servers
([#1971](#1971))
([091aef9](091aef9))
* refactor hooks out of api package
([#1976](#1976))
([c5904c0](c5904c0))
* separate web3 rate limits from other `/token?grant_type=...`
([#1985](#1985))
([8b23382](8b23382))


### Bug Fixes

* explicit permisions on actions
([#1978](#1978))
([06e9ead](06e9ead))
* propagate error when when confirming phone
([#1939](#1939))
([e882b42](e882b42))
* redirects must not be to ip addresses
([#1984](#1984))
([347e23a](347e23a))
* sanitize redirect URL (remove fragment, query) before pattern matching
([#1974](#1974))
([ccf20d7](ccf20d7))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
fadymak pushed a commit that referenced this pull request Sep 30, 2025
fadymak pushed a commit that referenced this pull request Sep 30, 2025
🤖 I have created a release *beep* *boop*
---


##
[2.171.0](v2.170.0...v2.171.0)
(2025-04-14)


### Features

* add sign in with solana (EIP-4361) support
([#1918](#1918))
([d121546](d121546))
* allow invalid config directories
([#1969](#1969))
([6b842f6](6b842f6))
* allow limiting lifespan of low-aal sessions
([#1942](#1942))
([d7a9ca6](d7a9ca6))
* Block specific outgoing mail servers
([#1971](#1971))
([091aef9](091aef9))
* refactor hooks out of api package
([#1976](#1976))
([c5904c0](c5904c0))
* separate web3 rate limits from other `/token?grant_type=...`
([#1985](#1985))
([8b23382](8b23382))


### Bug Fixes

* explicit permisions on actions
([#1978](#1978))
([06e9ead](06e9ead))
* propagate error when when confirming phone
([#1939](#1939))
([e882b42](e882b42))
* redirects must not be to ip addresses
([#1984](#1984))
([347e23a](347e23a))
* sanitize redirect URL (remove fragment, query) before pattern matching
([#1974](#1974))
([ccf20d7](ccf20d7))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants