Missing a proper return if REDIRECT_ALLOW_SUBDOMAINS was False.

pallets-eco · May 30, 2024 · f8f2aa6 · f8f2aa6
1 parent 7c6855f
commit f8f2aa6
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/flask_security/utils.py b/flask_security/utils.py
@@ -657,10 +657,12 @@ def validate_redirect_url(url: str) -> bool:
 
                     return False
 
-            # Fall through to the original check if we don't have a list of allowed subdomains.
+            # Fall through to the original check if we don't have a
+            # list of allowed subdomains.
 
             if (
-                base_domain
+                config_value("REDIRECT_ALLOW_SUBDOMAINS")
+                and base_domain
                 and (
                     url_next.netloc == base_domain
                     or url_next.netloc.endswith(f".{base_domain}")
@@ -669,6 +671,9 @@ def validate_redirect_url(url: str) -> bool:
                 return True
             else:
                 return False
+        else:
+            return False
+
     return True