Where in the Spring ecosystem to implement a whitelist for redirects?

  • Where in the Spring ecosystem to implement a whitelist for redirects?

    Hi all,

    Very new to this amazing Spring thing. Trying to reduce our site's exploitability wrt OWASP unvalidated redirects (https://www.owasp.org/index.php/Top_...s_and_Forwards).

    I had envisioned wrapping the sendRedirect method of HttpServletRequest to check with a whitelist before proceeding, but wasn't sure if this was the "Spring" way to do such a thing, or if this has been addressed in the Spring universe somewhere already.

    It seems that the HandlerInterceptorAdapter is for requests, so is there something similar for responses, or should I use some other mechanism?

    Thanks for any tips
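
One way to build the check the post describes, as an added example that is not part of the original post or of Spring itself: a servlet filter wraps the response so that every `sendRedirect` call made further down the chain is tested against a whitelist first. The class name `RedirectWhitelistFilter`, the helper `isAllowed` and the sample hosts are hypothetical, and the `javax.servlet` namespace is an assumption about the container version.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
/** Hypothetical filter: every sendRedirect() downstream is checked against a host whitelist. */
public class RedirectWhitelistFilter implements Filter {
    // Constructed sample hosts; load these from configuration in a real deployment.
    private static final Set<String> ALLOWED_HOSTS =
            new HashSet<>(Arrays.asList("www.example.com", "login.example.com"));

    /** True for same-site relative paths and for http(s) URLs whose host is whitelisted. */
    static boolean isAllowed(String location) {
        if (location == null || location.indexOf('\\') >= 0) return false; // browsers read '\' as '/'
        if (location.startsWith("//")) return false; // scheme-relative "//host/path" leaves the site
        try {
            URI uri = new URI(location);
            if (!uri.isAbsolute()) return uri.getRawAuthority() == null; // plain relative path
            String host = uri.getHost(); // null for opaque URIs such as "javascript:..."
            return ("http".equalsIgnoreCase(uri.getScheme()) || "https".equalsIgnoreCase(uri.getScheme()))
                    && host != null && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        } catch (URISyntaxException e) {
            return false; // unparseable targets are refused
        }
    }
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse wrapped = new HttpServletResponseWrapper((HttpServletResponse) res) {
            @Override
            public void sendRedirect(String location) throws IOException {
                if (!isAllowed(location)) {
                    super.sendError(SC_BAD_REQUEST, "Redirect target not allowed");
                    return;
                }
                super.sendRedirect(location);
            }
        };
        chain.doFilter(req, wrapped); // controllers and views now see the wrapped response
    }

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}
}
```

The wrapper only sees calls to `sendRedirect`; code that sets the `Location` header and a 3xx status directly is not covered and needs its own check.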