Skip to content

fix(security): validate redirect_uri to prevent open redirect attacks#11

Open
lakhansamani wants to merge 1 commit intomainfrom
fix/open-redirect-validation
Open

fix(security): validate redirect_uri to prevent open redirect attacks#11
lakhansamani wants to merge 1 commit intomainfrom
fix/open-redirect-validation

Conversation

@lakhansamani
Copy link
Copy Markdown
Collaborator

@lakhansamani lakhansamani commented Apr 5, 2026

Summary

  • Added isValidRedirectUri() validation in AuthorizerResetPassword.vue — redirect_uri is now validated against same-origin and configured redirect URL before use
  • Prevents attacker-controlled redirect_uri from redirecting users to malicious sites after password reset
  • Includes minor formatting fixes from prettier

Companion PRs

Test plan

  • Verify password reset redirects work for same-origin URLs
  • Verify cross-origin redirect to evil.com is blocked
  • Verify configured redirect_uri still works

@lakhansamani
fix(security): validate redirect_uri to prevent open redirect attacks
5514551 
Add isValidRedirectUri() validation in AuthorizerResetPassword.vue to
ensure redirect_uri is validated against same-origin and configured
redirect URL before use in window.location.href.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lakhansamani