[SECURITY] Enforce session validation on oauth authorize endpoint

Raphael Michel
2023-03-06 11:52:01 +01:00
parent 9bed40fa09
commit 926d334b10
5 changed files with 152 additions and 3 deletions


@@ -112,7 +112,7 @@ class PermissionMiddleware:
url = resolve(request.path_info)
url_name = url.url_name
if not request.path.startswith(get_script_prefix() + 'control'):
if not request.path.startswith(get_script_prefix() + 'control') and not (url.namespace.startswith("api-") and url_name == "authorize"):
# This middleware should only touch the /control subpath
return self.get_response(request)
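Review bot: The comment under the widened `if` is now stale: it still says the middleware only touches `/control`, while the new condition also sends requests for the route named `authorize` in any `api-` namespace on to the checks that follow. It should read something like `# Only /control and the session-authenticated OAuth authorize view are handled here`. The match relies on a namespace prefix plus a URL name, so a renamed route or a second interactive OAuth view would silently fall outside session validation again. Naming the predicate, `is_oauth_authorize = url.namespace.startswith("api-") and url_name == "authorize"`, and pinning it with a regression test would make such a drift visible. The enclosing method starts and ends outside this hunk, so the checks that run after this guard are assumed rather than seen.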