fix: sanitized untrusted URLs

Noovolari · Sep 8, 2021 · 47d0401 · 47d0401
1 parent b8e2441
commit 47d0401
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/app/services/session/aws/methods/aws-iam-role-federated.service.ts b/src/app/services/session/aws/methods/aws-iam-role-federated.service.ts
@@ -173,7 +173,7 @@ export class AwsIamRoleFederatedService extends AwsSessionService {
       // to construct the ideal method to deal with the construction of the response
       idpWindow.webContents.session.webRequest.onBeforeRequest(filter, (details, callback) => {
         // G Suite
-        if (details.url.indexOf('accounts.google.com/ServiceLogin') !== -1) {
+        if (details.url.indexOf('https://accounts.google.com/ServiceLogin') !== -1) {
           idpWindow = null;
           resolve(true);
         }
@@ -188,12 +188,12 @@ export class AwsIamRoleFederatedService extends AwsSessionService {
           resolve(true);
         }
         // AzureAD
-        if (details.url.indexOf('login.microsoftonline.com') !== -1 && details.url.indexOf('/oauth2/authorize') !== -1) {
+        if (details.url.indexOf('https://login.microsoftonline.com') !== -1 && details.url.indexOf('/oauth2/authorize') !== -1) {
           idpWindow = null;
           resolve(true);
         }
         // Do not show window: already logged by means of session cookies
-        if (details.url.indexOf('signin.aws.amazon.com/saml') !== -1) {
+        if (details.url.indexOf('https://signin.aws.amazon.com/saml') !== -1) {
           idpWindow = null;
           resolve(false);
         }