|
|
|
|
|
|
by amenghra
2727 days ago
|
|
|
You have never needed an open redirect for that (just an internal redirect page). In the past, one solution was to HMAC the destination URL with a time component (i.e. the redirect is only valid for a short period of time). Today, you can check the origin header when your user lands on the redirect page or just tell the browser what information you want in the referrer (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Re...). |
|
|