Cleaned up whitelist
* Added: /oauth
* Added: favicon.ico
* Stricten up /login to be either exactly "/login" or under the
"/login/" namespace
* Used latest google-java-format
Change-Id: Ie3614d33d7d8627f4c6eb9d358640380357784a8
diff --git a/src/main/java/com/googlesource/gerrit/plugins/loginredirect/LoginRedirectFilter.java b/src/main/java/com/googlesource/gerrit/plugins/loginredirect/LoginRedirectFilter.java
index 51779e2..4073e85 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/loginredirect/LoginRedirectFilter.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/loginredirect/LoginRedirectFilter.java
@@ -40,12 +40,15 @@
if (!httpReq.getContextPath().isEmpty()) {
path = path.substring(httpReq.getContextPath().length());
}
- if (path.startsWith("/login") ||
- path.startsWith("/a/") ||
- path.startsWith("/Documentation/") ||
- path.startsWith("/static/") ||
- path.equals("/ssh_info") ||
- sessionProvider.get().isSignedIn()) {
+ if (path.equals("/login")
+ || path.startsWith("/login/")
+ || path.equals("/oauth")
+ || path.equals("/favicon.ico")
+ || path.startsWith("/a/")
+ || path.startsWith("/Documentation/")
+ || path.startsWith("/static/")
+ || path.equals("/ssh_info")
+ || sessionProvider.get().isSignedIn()) {
chain.doFilter(request, response);
} else {
((HttpServletResponse) response).sendRedirect(getLoginRedirectUrl(httpReq));
