Module: LinkedinSignIn::RedirectProtector

Extended by:
RedirectProtector
Included in:
RedirectProtector
Defined in:
lib/linkedin_sign_in/redirect_protector.rb

Defined Under Namespace

Classes: Violation

Constant Summary

QUALIFIED_URL_PATTERN =
/\A#{URI::DEFAULT_PARSER.make_regexp}\z/

Instance Method Summary

Instance Method Details

#ensure_same_origin(target, source) ⇒ Object



# File 'lib/linkedin_sign_in/redirect_protector.rb', line 11

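# Raises Violation when target is blank, or when target is a fully qualified URL
# whose origin differs from that of source. Targets that do not match
# QUALIFIED_URL_PATTERN are not compared against source.
def ensure_same_origin(target, source)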
  if target.blank? || (target =~ QUALIFIED_URL_PATTERN && origin_of(target) != origin_of(source))
    raise Violation, "Redirect target #{target.inspect} does not have same origin as request (expected #{origin_of(source)})"
  end
end
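
An added, stand-alone sketch of the check above (not the gem's own code) that shows which redirect targets pass and which raise. `origin_of` is not shown on this page, so the scheme/host/port version here is an assumption, `blank?` is replaced by a stdlib equivalent so it runs without ActiveSupport, and the `RedirectCheckDemo` module, the `verdict` helper and the example.test URLs are constructed for illustration.

```ruby
require "uri"

# Constructed stand-in for the documented module so the check runs outside Rails.
module RedirectCheckDemo
  class Violation < StandardError; end

  QUALIFIED_URL_PATTERN = /\A#{URI::DEFAULT_PARSER.make_regexp}\z/

  module_function

  # Assumption: origin means scheme, host and port (origin_of is not on the page).
  def origin_of(url)
    uri = URI(url)
    "#{uri.scheme}://#{uri.host}:#{uri.port}"
  end

  def ensure_same_origin(target, source)
    # Stdlib stand-in for ActiveSupport's blank? (nil, empty or whitespace only).
    blank = target.nil? || target.strip.empty?
    if blank || (target =~ QUALIFIED_URL_PATTERN && origin_of(target) != origin_of(source))
      raise Violation, "Redirect target #{target.inspect} does not have same origin as request (expected #{origin_of(source)})"
    end
  end

  # Hypothetical helper: turns the raise/no-raise outcome into a symbol.
  def verdict(target, source)
    ensure_same_origin(target, source)
    :allowed
  rescue Violation
    :rejected
  end
end

# Constructed sample request URL and redirect targets.
SOURCE = "https://app.example.test/login"
SAMPLES = [
  "/dashboard",                           # relative path: not a qualified URL
  "https://app.example.test/dashboard",   # qualified, same origin
  "https://other.example.test/dashboard", # qualified, different host
  "http://app.example.test/dashboard",    # qualified, different scheme and port
  "",                                     # blank
  nil                                     # missing
]

SAMPLES.each do |target|
  puts "#{target.inspect} => #{RedirectCheckDemo.verdict(target, SOURCE)}"
end
```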