Affects Version/s: 6.2.X EE, 7.0.1 CE GA2
Component/s: Application Security
Property "redirect.url.domains.allowed" does not allow for subdomains.
- Add test.com and a.test.com to hosts file.
- Set the following in portal-ext.properties
- Start Liferay and navigate to Control Panel > Configuration > Instance Settings.
- Change the default instance's virtual host to test.com.
- Navigate to the default Site's Site Administration > Configuration > Site URL page.
- Set the site's virtual host to a.test.com and the friendly URL to /a.test and save.
- Navigate to test.com:8080/web/a.test
- Sign in
- Create a basic web content article in the control panel
- Click on the article
Redirect is displayed and no warning is logged.
Redirect is displayed and "Redirect URL . . . is not allowed" warning is logged.