Adjust Formatting

Issue gh-18805 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
2026-03-30 14:08:11 +00:00 · 2026-03-25 15:05:53 -06:00 · 2026-03-25 15:05:53 -06:00 · 057e5181ea
commit 057e5181ea
parent 178ca56aaf
2 changed files with 5 additions and 1 deletions
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
@ -114,7 +114,10 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 		}

 		String refererHeader = request.getHeader("Referer");
-		if (this.useReferer && StringUtils.hasText(refererHeader)) {
+		if (!StringUtils.hasText(refererHeader)) {
+			return this.defaultTargetUrl;
+		}
+		if (this.useReferer) {
 			trace("Using url %s from Referer header", refererHeader);
 			return refererHeader;
 		}
--- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandlerTests.java
@ -114,6 +114,7 @@ public class AbstractAuthenticationTargetUrlRequestHandlerTests {
 		assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setRedirectStrategy(null));
 	}

+	// gh-18805
 	@Test
 	void returnDefaultUrlIfUseRefererIsTrueAndRefererHeaderIsEmpty() {
 		this.handler.setUseReferer(true);