Saturday, 15 September 2012

node.js - Preventing Open Redirect in NodeJS -



node.js - Preventing Open Redirect in NodeJS -

i have set of node services, 1 of handles authentication. services redirect non-authenticated users login page on auth service, either setting property in request body or parameter in address can redirected after login. e.g.

https://mydomain.com:1234/auth/login?referer=https://mydomain.com:1235/usefulservice

after validating login, res.redirect(referer).

my question is, there simple way of checking open redirect isn't beingness abused?

https://mydomain.com:1234/auth/login?referer=http://www.evildoer.com/fake/usefulservice

i want users redirected services command - these have same ip / domain+subdomain, have different port numbers.

node.js security redirect express

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)