master/synapse
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
d80f515622
synapse/tests/api
History
Eric Eastwood 6f9fab1089
Fix open redirect in legacy SSO flow (idp) (#18909) 
- Validate the `idp` parameter to only accept the ones that are known in
the config file
- URL-encode the `idp` parameter for safety's sake (this is the main
fix)

Fix https://github.com/matrix-org/internal-config/issues/1651 (internal
link)

Regressed in https://github.com/element-hq/synapse/pull/17972
2025-09-17 13:54:47 -05:00
..
__init__.py
test_auth.py Use twisted.internet.testing module in tests instead of deprecated twisted.test.proto_helpers. (#18728) 2025-07-30 12:32:10 +01:00
test_errors.py Stabilize support for Retry-After header (MSC4014) (#16947) 2024-03-08 09:33:46 +00:00
test_filtering.py Use twisted.internet.testing module in tests instead of deprecated twisted.test.proto_helpers. (#18728) 2025-07-30 12:32:10 +01:00
test_ratelimiting.py Refactor cache metrics to be homeserver-scoped (#18604) 2025-07-16 16:04:57 -05:00
test_urls.py Fix open redirect in legacy SSO flow (idp) (#18909) 2025-09-17 13:54:47 -05:00