From d540d99d8a8bb6f2c3ee8e8f42777f9fb44c1151 Mon Sep 17 00:00:00 2001
From: Yadd
Date: Mon, 27 Feb 2023 22:09:57 +0400
Subject: [PATCH] OIDC RP Initiated Logout: ensure RP can not bypass
---
 .../lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
index 74acdc1092..da48494d73 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm
@@ -1033,7 +1033,9 @@ sub run {
 } # Ask consent for logout
- if ( $req->param('confirm') or $bypassConfirm ) {
+ if ( ( $req->method eq 'POST' and $req->param('confirm') )
+ or $bypassConfirm )
+ {
 my $err;
 if ( ( defined( $req->param('confirm') )
-- 
GitLab
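Review bot: Requiring `$req->method eq 'POST'` in the new condition keeps an RP from placing `confirm` in the logout redirect URL, but a cross-site form that POSTs `confirm` would still satisfy it unless the confirmation form carries a one-time token that is verified before this branch; no such check is visible in the hunk, so it is worth confirming. The inner `defined( $req->param('confirm') )` test just below still reads the parameter whatever the method, which matters when `$bypassConfirm` is true; if `param` merges query-string and body values, reading the body parameter explicitly would be tighter. The comment above the condition could record the intent, e.g. `# Honour 'confirm' only on POST: the GET logout URL is built by the RP`. The body of `run` starts and ends outside the hunk.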