https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
How to prevent that:
- Register the redirect URL as a service
- Check the redirect URL if the domain name is contained in any registered service (that's a custom extension you have to build on your own)
- Separate configuration where you register all URLs to be allowed to be redirected to.

> On 30.06.2016 at 13:48, John Rellis <[email protected]> wrote:
>
> Hey folks,
>
> I see it is possible to set cas.logout.followServiceRedirects=true to
> redirect to a service while logging out
>
> https://cas:8080/cas/logout?service=http://localhost:8082/app/shiro-cas
>
> The above URL will bring me to http://localhost:8082/app/shiro-cas, however,
> I was hoping to logout and redirect to a different URL that is not a service,
> so maybe http://localhost:8082/app/somewhere-else
>
> I tried testing it and it doesn't work unless "service" is actually defined
> as a service.
>
> Is it possible to redirect somewhere arbitrarily?
>
> Thanks,
> John
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0b7bbdb7-69cb-4c30-ba49-c370e03226a7%40apereo.org.
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
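The separate allowlist suggested in the reply above, sketched as an added example (not part of the original thread and not CAS code). It assumes a constructed list `ALLOWED_REDIRECTS` and a hypothetical helper `is_allowed_redirect`, and compares the parsed scheme, host and port exactly rather than by substring, so look-alike hosts and userinfo tricks are refused.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Constructed allowlist (assumption): URL prefixes permitted as logout targets.
ALLOWED_REDIRECTS = ["http://localhost:8082/app/"]
DEFAULT_PORTS = {"http": 80, "https": 443}


def _parts(url):
    """Return (scheme, host, port, normalized path), or None if the URL is unsafe."""
    # Refuse whitespace, control characters and backslashes before parsing.
    if any(ord(c) <= 0x20 or c == "\\" for c in url):
        return None
    try:
        u = urlsplit(url)
        port = u.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if u.scheme not in DEFAULT_PORTS or not u.hostname:
        return None  # relative, scheme-relative, javascript:, data:, ...
    if u.username is not None or u.password is not None:
        return None  # http://trusted@other-host/ style userinfo
    if re.search(r"%(2e|2f|5c)", u.path, re.I):
        return None  # encoded dots or slashes could hide traversal
    path = posixpath.normpath(u.path or "/")  # collapses /app/../admin
    if u.path.endswith("/") and path != "/":
        path += "/"
    return u.scheme, u.hostname.lower(), port or DEFAULT_PORTS[u.scheme], path


def is_allowed_redirect(url, allowed=ALLOWED_REDIRECTS):
    """True only if url matches a registered origin and lies under its path."""
    target = _parts(url)
    if target is None:
        return False
    for entry in allowed:
        reg = _parts(entry)
        if reg is None or target[:3] != reg[:3]:
            continue
        base = reg[3].rstrip("/")
        # Match on a path-segment boundary so /application is not under /app.
        if target[3] == base or target[3].startswith(base + "/"):
            return True
    return False
```
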
