René's URL Explorer Experiment


Title: Introduced protections against user-controlled internal request forwarding by pixeebot[bot] · Pull Request #23 · Pixee-Bot-Java/flow · GitHub

Open Graph Title: Introduced protections against user-controlled internal request forwarding by pixeebot[bot] · Pull Request #23 · Pixee-Bot-Java/flow

X Title: Introduced protections against user-controlled internal request forwarding by pixeebot[bot] · Pull Request #23 · Pixee-Bot-Java/flow

Description: Vaadin Flow is a Java framework binding Vaadin web components to Java. This is part of Vaadin 10+. - Introduced protections against user-controlled internal request forwarding by pixeebot[bot] · Pull Request #23 · Pixee-Bot-Java/flow

Open Graph Description: This change hardens all ServletRequest#getRequestDispatcher(String) calls against attack. There is a built-in HTTP method for sending clients to another resource: the client-side redirect. However,...

X Description: This change hardens all ServletRequest#getRequestDispatcher(String) calls against attack. There is a built-in HTTP method for sending clients to another resource: the client-side redirect. However,...

Opengraph URL: https://github.com/Pixee-Bot-Java/flow/pull/23

X: @github

direct link

Domain: patch-diff.githubusercontent.com

route-pattern/_view_fragments/voltron/pull_requests/show/:user_id/:repository/:id/pull_request_layout(.:format)
route-controllervoltron_pull_requests_fragments
route-actionpull_request_layout
fetch-noncev2:bcf82e6a-4b61-7d0e-50bd-bf2443e99689
current-catalog-service-hashae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b
request-idA3E2:F3DEB:15A207D:1C4F4BF:698FD31D
html-safe-nonce78dcc21212e3f825c00267e78a0db193df23e4db77cc53a23ae6068cba4fbc22
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBM0UyOkYzREVCOjE1QTIwN0Q6MUM0RjRCRjo2OThGRDMxRCIsInZpc2l0b3JfaWQiOiIzNTkxMzExMzQyMzk5NjQwMzQ5IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0=
visitor-hmacbf2cdeef1fd36e3f6926ce5596af70d202067109f82fd351ff684feab6a46565
hovercard-subject-tagpull_request:2343550990
github-keyboard-shortcutsrepository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///voltron/pull_requests_fragments/pull_request_layout
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/_view_fragments/voltron/pull_requests/show/Pixee-Bot-Java/flow/23/pull_request_layout
twitter:imagehttps://opengraph.githubassets.com/a9dd2ab18dc29d3d28e57c1163cb7dab96a2ccf3936416565aa8d005451dd22b/Pixee-Bot-Java/flow/pull/23
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/a9dd2ab18dc29d3d28e57c1163cb7dab96a2ccf3936416565aa8d005451dd22b/Pixee-Bot-Java/flow/pull/23
og:image:altThis change hardens all ServletRequest#getRequestDispatcher(String) calls against attack. There is a built-in HTTP method for sending clients to another resource: the client-side redirect. However,...
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
og:author:usernamepixeebot[bot]
hostnamegithub.com
expected-hostnamegithub.com
None42c603b9d642c4a9065a51770f75e5e27132fef0e858607f5c9cb7e422831a7b
turbo-cache-controlno-cache
go-importgithub.com/Pixee-Bot-Java/flow git https://github.com/Pixee-Bot-Java/flow.git
octolytics-dimension-user_id143516492
octolytics-dimension-user_loginPixee-Bot-Java
octolytics-dimension-repository_id795756272
octolytics-dimension-repository_nwoPixee-Bot-Java/flow
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forktrue
octolytics-dimension-repository_parent_id34809191
octolytics-dimension-repository_parent_nwovaadin/flow
octolytics-dimension-repository_network_root_id34809191
octolytics-dimension-repository_network_root_nwovaadin/flow
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
released320682233dfd4d28c0b30554a564c2fcd229032
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23#start-of-content
https://patch-diff.githubusercontent.com/
Sign in https://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2FPixee-Bot-Java%2Fflow%2Fpull%2F23
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub SparkBuild and deploy intelligent appshttps://github.com/features/spark
GitHub ModelsManage and compare promptshttps://github.com/features/models
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2FPixee-Bot-Java%2Fflow%2Fpull%2F23
Sign up https://patch-diff.githubusercontent.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fvoltron%2Fpull_requests_fragments%2Fpull_request_layout&source=header-repo&source_repo=Pixee-Bot-Java%2Fflow
Reloadhttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23
Reloadhttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23
Reloadhttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23
Pixee-Bot-Java https://patch-diff.githubusercontent.com/Pixee-Bot-Java
flowhttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow
vaadin/flowhttps://patch-diff.githubusercontent.com/vaadin/flow
Notifications https://patch-diff.githubusercontent.com/login?return_to=%2FPixee-Bot-Java%2Fflow
Fork 0 https://patch-diff.githubusercontent.com/login?return_to=%2FPixee-Bot-Java%2Fflow
Star 0 https://patch-diff.githubusercontent.com/login?return_to=%2FPixee-Bot-Java%2Fflow
Code https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow
Pull requests 1 https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pulls
Actions https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/actions
Projects 0 https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/projects
Security 0 https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/security
Insights https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pulse
Code https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow
Pull requests https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pulls
Actions https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/actions
Projects https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/projects
Security https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/security
Insights https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pulse
pixeebot[bot]https://patch-diff.githubusercontent.com/pixeebot[bot]
mainhttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/tree/main
pixeebot/drip-2025-02-19-pixee-java/validate-jakarta-forward-pathhttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/tree/pixeebot/drip-2025-02-19-pixee-java/validate-jakarta-forward-path
Conversationhttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23
Commits1 (1)https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23/commits
Checkshttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23/checks
Files changedhttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23/files
Introduced protections against user-controlled internal request forwardinghttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23#top
pixeebot[bot]https://patch-diff.githubusercontent.com/pixeebot[bot]
mainhttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/tree/main
pixeebot/drip-2025-02-19-pixee-java/validate-jakarta-forward-pathhttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/tree/pixeebot/drip-2025-02-19-pixee-java/validate-jakarta-forward-path
https://patch-diff.githubusercontent.com/apps/pixeebot
pixeebothttps://patch-diff.githubusercontent.com/apps/pixeebot
Feb 19, 2025https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23#issue-2862107287
ServletRequest#getRequestDispatcher(String)https://docs.oracle.com/javaee/7/api/javax/servlet/ServletRequest.html#getRequestDispatcher-java.lang.String-
client-side redirecthttps://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections
https://cwe.mitre.org/data/definitions/201https://cwe.mitre.org/data/definitions/201
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html#dangerous-forward-examplehttps://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html#dangerous-forward-example
Feedbackhttps://ask.pixee.ai/feedback
Communityhttps://pixee-community.slack.com/signup#/domain-signup
Docshttps://docs.pixee.ai/
https://camo.githubusercontent.com/b0c5ab4c4b11a22ad5db3d75629c2190d7ebe48531a24b849d80e43e1946dfa6/68747470733a2f2f64317a6165737361326870736d6a2e636c6f756466726f6e742e6e65742f706978656c2f76312f747261636b3f77726974654b65793d32504934336a4e6d376174597641754b37724a557a334b63643641266576656e743d445249505f505225374350697865652d426f742d4a617661253246666c6f7725374366373233386366313865643666633433373535613539356164653934306564346231306439393266
Please reload this pagehttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23
https://patch-diff.githubusercontent.com/apps/pixeebot
Introduced protections against user-controlled internal request forwa…https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23/commits/f7238cf18ed6fc43755a595ade940ed4b10d992f
f7238cfhttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23/commits/f7238cf18ed6fc43755a595ade940ed4b10d992f
https://patch-diff.githubusercontent.com/apps/pixeebot
pixeebothttps://patch-diff.githubusercontent.com/apps/pixeebot
Feb 19, 2025 https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23#pullrequestreview-2625536778
View reviewed changes https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23/files/f7238cf18ed6fc43755a595ade940ed4b10d992f
flow-tests/vaadin-spring-tests/test-spring-security-flow-urlmapping/pom.xmlhttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23/files/f7238cf18ed6fc43755a595ade940ed4b10d992f#diff-6e1968e46883509a0a9f6bd4e1a7a4f148aec2f7a887abb8ed12a0ce63bc6c8a
pixeebothttps://patch-diff.githubusercontent.com/apps/pixeebot
Feb 19, 2025https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23#discussion_r1960885328
Learn morehttps://docs.github.com/articles/managing-disruptive-comments/#hiding-a-comment
Open sourcehttps://github.com/pixee/java-security-toolkit
More factshttps://mvnrepository.com/artifact/io.github.pixee/java-security-toolkit/1.2.1
Please reload this pagehttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23
https://patch-diff.githubusercontent.com/apps/pixeebot
pixeebothttps://patch-diff.githubusercontent.com/apps/pixeebot
Feb 19, 2025 https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23#pullrequestreview-2625536789
View reviewed changes https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23/files/f7238cf18ed6fc43755a595ade940ed4b10d992f
flow-tests/vaadin-spring-tests/pom.xmlhttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23/files/f7238cf18ed6fc43755a595ade940ed4b10d992f#diff-71b5795c1f63efb6dd90141e29c526d092299455ea60b6730b780eba74b39b09
pixeebothttps://patch-diff.githubusercontent.com/apps/pixeebot
Feb 19, 2025https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23#discussion_r1960885341
Learn morehttps://docs.github.com/articles/managing-disruptive-comments/#hiding-a-comment
Open sourcehttps://github.com/pixee/java-security-toolkit
More factshttps://mvnrepository.com/artifact/io.github.pixee/java-security-toolkit/1.2.1
Please reload this pagehttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23
https://patch-diff.githubusercontent.com/apps/pixeebot
pixeebothttps://patch-diff.githubusercontent.com/apps/pixeebot
Feb 27, 2025https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23#issuecomment-2686732281
let me knowhttps://ask.pixee.ai/feedback
Please reload this pagehttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23
https://patch-diff.githubusercontent.com/apps/pixeebot
pixeebothttps://patch-diff.githubusercontent.com/apps/pixeebot
Feb 28, 2025https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23#issuecomment-2689601110
love to hear about themhttps://ask.pixee.ai/feedback
Please reload this pagehttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23
https://patch-diff.githubusercontent.com/apps/pixeebot
pixeebothttps://patch-diff.githubusercontent.com/apps/pixeebot
Mar 6, 2025https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23#issuecomment-2702668348
let me knowhttps://ask.pixee.ai/feedback
customize mehttps://docs.pixee.ai/
Please reload this pagehttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23
https://patch-diff.githubusercontent.com/apps/pixeebot
pixeebothttps://patch-diff.githubusercontent.com/apps/pixeebot
Mar 6, 2025https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23#event-16610206172
https://github.co/hiddenchars
https://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/{{ revealButtonHref }}
Sign up for freehttps://patch-diff.githubusercontent.com/join?source=comment-repo
Sign in to commenthttps://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2FPixee-Bot-Java%2Fflow%2Fpull%2F23
Please reload this pagehttps://patch-diff.githubusercontent.com/Pixee-Bot-Java/flow/pull/23
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width

URLs of crawlers that visited me.