URL parsing and sanitize logic added for Relay State
What does this MR do and why?
URL parsing and sanitising logic added for Relay State
Default Relay State is sent from the IdP end during the SAML SSO process. This value is used for redirecting the user to the subpath specified. With this change we are making sure the user is only redirected to subpaths in the application, and that the subpaths specified are not malicious.
Screenshots or screen recordings
RSpecs have been added for all the possible scenarios; the same can be referred to for functionality.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
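
The kind of check the description refers to, as an added example that is not code from this MR or from the project: a Relay State value is accepted only when it parses as a path rooted in the application, and anything that could carry the browser to another origin falls back to a default. The names `RelayStateSanitizer` and `safe_path`, the `/` fallback and the 2048-character limit are assumptions made for illustration.

```ruby
require 'uri'

# Hypothetical helper, not the MR's implementation: maps a SAML RelayState
# value to an in-application path, or to a fallback when it is unsafe.
module RelayStateSanitizer
  FALLBACK = '/'      # assumed default landing path
  MAX_LENGTH = 2048   # assumed upper bound on RelayState length

  module_function

  def safe_path(relay_state, fallback: FALLBACK)
    value = relay_state.to_s
    return fallback if value.empty? || value.length > MAX_LENGTH

    # Control characters, whitespace and backslashes are normalised
    # differently by browsers ("/\host" can be read as "//host"), and
    # CR/LF would allow header injection in the Location header.
    return fallback if value.match?(/[\x00-\x20\x7f\\]/)

    # Only a path rooted at a single "/" is accepted. This rejects absolute
    # URLs, scheme-only values such as "javascript:", and "//host".
    return fallback unless value.start_with?('/') && !value.start_with?('//')

    uri = URI.parse(value)
    return fallback if uri.scheme || uri.host || uri.userinfo || uri.port

    # Percent-encoded slashes or backslashes must not rebuild "//host"
    # after a later decoding step.
    decoded = URI.decode_www_form_component(uri.path)
    return fallback if decoded.include?('//') || decoded.include?('\\')

    # Rebuild from parsed parts; the fragment is dropped on purpose.
    uri.query ? "#{uri.path}?#{uri.query}" : uri.path
  rescue URI::InvalidURIError, ArgumentError
    fallback
  end
end
```

The redirect target is rebuilt from the parsed path and query rather than echoed back, so the application never redirects to the raw IdP-supplied string.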