[
https://issues.apache.org/jira/browse/AMBARI-23095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated AMBARI-23095:
------------------------------------
Labels: knox pull-request-available (was: knox)
> knoxsso.redirect.whitelist.regex should not require a port number
> -----------------------------------------------------------------
>
> Key: AMBARI-23095
> URL: https://issues.apache.org/jira/browse/AMBARI-23095
> Project: Ambari
> Issue Type: Bug
> Components: stacks
> Affects Versions: 2.5.0, trunk, 2.6.2
> Reporter: Sean Roberts
> Priority: Major
> Labels: knox, pull-request-available
>
> The default 'knoxsso.redirect.whitelist.regex' is set to require a port
> number meaning it won't work for redirects to normal HTTP and HTTPS on :80
> and :443:
> https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/knoxsso-topology.xml#L109-L110
> {code}
> ^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*$
> {code}
> Proposal is to make the port optional and validate that anything after the
> host or port starts with /.
> {code}
> ^https?:\/\/(localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1)(:[0-9]+)?(\/|\/.*)?$
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
