Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/session_controller.rb:32

redirect_to(DiscourseSingleSignOn.generate_sso(((params[:return_path] or path("/")) or "#{URI.parse((destination_url or session[:destination_url])).path}#{if URI.parse((destination_url or session[:destination_url])).query then
  ("?" << URI.parse((destination_url or session[:destination_url])).query)
else
  ""
end}")).to_url)

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/session_controller.rb or mark it as false positive.