From 5ff4726f43215dcf4fb7e2dc4033369de020847f Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Wed, 5 Apr 2023 20:23:32 +0200
Subject: [PATCH] Don't double encode tgt

---
 Controllers/RedirectController.cs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Controllers/RedirectController.cs b/Controllers/RedirectController.cs
index 91578bb..2576c3e 100644
--- a/Controllers/RedirectController.cs
+++ b/Controllers/RedirectController.cs
@@ -19,9 +19,8 @@ public class RedirectController : Controller {
 			return BadRequest("Bad request.");
 		}
 
-		// tgt is urlencoded twice because authelia decodes it by one layer 
 		var targetUrl =
-			$"https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_one?tgt={HttpUtility.UrlEncode(HttpUtility.UrlEncode(tgt))}";
+			$"https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_one?tgt={HttpUtility.UrlEncode(tgt)}";
 		Response.Redirect(targetUrl);
 		return Content($"Redirecting... <a href=\"{targetUrl}\">Click here if you are not redirected automatically</a>", "text/html");
 	}