From de6d695c4fcb773cd00dd225ac043186d86e9322 Mon Sep 17 00:00:00 2001
From: Altafur Rahman
Date: Sat, 28 Oct 2023 22:17:25 +0600
Subject: [PATCH] Fix code scanning alert issue-#1338 (#1502)
Co-authored-by: DonnieBLT <128622481+DonnieBLT@users.noreply.github.com>
---
 website/views.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/website/views.py b/website/views.py
index 03c18be5c..44316768a 100644
--- a/website/views.py
+++ b/website/views.py
@@ -168,8 +168,12 @@ def index(request, template="index.html"):
 def github_callback(request):
+ ALLOWED_HOSTS = ['github.com']
 params = urllib.parse.urlencode(request.GET)
- return redirect(f"{settings.CALLBACK_URL_FOR_GITHUB}?{params}")
+ url = f"{settings.CALLBACK_URL_FOR_GITHUB}?{params}"
+ parsed_url = urlparse(url)
+ if parsed_url.netloc in ALLOWED_HOSTS:
+ return redirect(url)
 def google_callback(request):
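Review bot: When `parsed_url.netloc` is not in `ALLOWED_HOSTS`, `github_callback` falls off the end and returns `None`, which Django reports as a server error instead of a clean rejection; add an explicit failure branch after the `if`, for example `return HttpResponseBadRequest("Invalid callback URL")` (its import is not visible in this hunk). The host being checked comes from `settings.CALLBACK_URL_FOR_GITHUB`, not from the request, and the query string is built with `urlencode` so it cannot change `netloc`; the allowlist therefore validates a deployment constant, and if that setting points at this site's own callback endpoint rather than `github.com` (the name suggests so, the hunk does not show it) every login would take the failure path. `urlparse` is called unqualified while the line above uses `urllib.parse.urlencode`; unless `from urllib.parse import urlparse` exists outside the hunk this raises `NameError`, and `urllib.parse.urlparse(url)` would match the surrounding style. The local name `ALLOWED_HOSTS` also collides with Django's setting of the same name and would read better as a module-level constant such as `GITHUB_CALLBACK_HOSTS`.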