Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure redirects from logme method are only done to trusted hosts #17661

Merged
merged 3 commits into from Jun 12, 2021
Merged

Ensure redirects from logme method are only done to trusted hosts #17661

merged 3 commits into from Jun 12, 2021

Conversation

sgiehl
Copy link
Member

@sgiehl sgiehl commented Jun 10, 2021

Description:

Review

  • Functional review done
  • Potential edge cases thought about (behavior of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
  • Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
  • Security review done see checklist
  • Code review done
  • Tests were added if useful/possible
  • Reviewed for breaking changes
  • Developer changelog updated if needed
  • Documentation added if needed
  • Existing documentation updated if needed

@sgiehl sgiehl added c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Needs Review PRs that need a code review labels Jun 10, 2021
@sgiehl sgiehl added this to the 4.4.0 milestone Jun 10, 2021
@Findus23
Copy link
Member

I think this could also be mentioned in the CHANGELOG as it might need changes from people who integrated Matomo with their online-platform.

@diosmosis diosmosis merged commit 7c1d791 into 4.x-dev Jun 12, 2021
@diosmosis diosmosis deleted the secureredirect branch June 12, 2021 21:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@diosmosis diosmosis diosmosis left review comments

Assignees
No one assigned
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Needs Review PRs that need a code review
Projects
None yet
Milestone
4.4.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@sgiehl @Findus23 @diosmosis