Computer networks
likejavascript, 2016-06-12 19:41:42

How to properly check open redirect for security?

I want to prevent an open redirect attack in my Node.js application.
Now my implementation is as follows:

var express = require('express');
var url = require('url');

var app = express();

// http://example.com/login?redirect=http://example.com/dashboard
app.get('/login', function (req, res, next) {
    var redirect = req.query.redirect,
        paths = url.parse(redirect);

    // Reject the redirect when its host differs from the request's Host header
    if (paths.host !== req.headers.host) {
        return next(new Error('Open redirect attack detected'));
    }

    return res.redirect(redirect);
});

You need to safely redirect to the main domain and subdomains:
For example:
example.com/dashboard
dashboard.example.com
Tell me how secure my implementation is and what needs to be improved.
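
One way to implement the check asked about above, as an added example that is not part of the original post: it validates the `redirect` value against a configured domain and its subdomains instead of the client-supplied Host header, and redirects to the parsed URL rather than the raw input. `ALLOWED_DOMAIN`, `FALLBACK`, `isAllowedHost` and `safeRedirectTarget` are hypothetical names chosen for this sketch.

```javascript
// Added example: allow-list validation for a ?redirect= parameter.
// ALLOWED_DOMAIN and FALLBACK are assumptions; set them for your own site.
const ALLOWED_DOMAIN = 'example.com';
const FALLBACK = '/dashboard';

function isAllowedHost(hostname, domain) {
  // Exact match or a true subdomain. The leading dot keeps a look-alike
  // such as "evilexample.com" from passing a plain suffix comparison.
  return hostname === domain || hostname.endsWith('.' + domain);
}

function safeRedirectTarget(raw, domain = ALLOWED_DOMAIN) {
  // A missing parameter, or an array from ?redirect=a&redirect=b, is not a string.
  if (typeof raw !== 'string' || raw === '') return FALLBACK;
  // Browsers treat "\" like "/" and drop tabs/newlines, so refuse them outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  let target;
  try {
    // A fixed base lets relative paths parse and resolves "//host"
    // the way a browser would, so the host check sees the real target.
    target = new URL(raw, 'https://' + domain);
  } catch (e) {
    return FALLBACK;
  }
  // Only web schemes; this drops javascript:, data: and similar.
  if (target.protocol !== 'https:' && target.protocol !== 'http:') return FALLBACK;
  // "https://example.com@other.test/" has other.test as its host.
  if (target.username || target.password) return FALLBACK;
  // hostname excludes the port and is already lower-cased by the parser.
  if (!isAllowedHost(target.hostname, domain)) return FALLBACK;
  // Return the normalized form so the value checked is the value sent.
  return target.href;
}
```

In the route handler this would be used as `res.redirect(safeRedirectTarget(req.query.redirect))`.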
