I know that:
Redirects that do not validate user input can enable attackers to launch phishing scams, steal user credentials, and perform other malicious actions.
like this:
res.redirect(req.query.url);
But is this redirection UNSAFE too?
res.redirect(req.header('Referer') || '/');
EDIT
My website is multi-page, so when I want to show error messages to the user, I send a flash message and redirect them to the last page:
back(req, res) {
  // keep the submitted form data for re-display, then send the user back
  req.flash('formData', req.body);
  return res.redirect(req.header('Referer') || '/');
}
So if the 'Referer' header is unsafe, what's the SAFE way?
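The following is an added example, not code from the question: a version of the `back()` handler that only ever redirects to a path on the site itself. It assumes a known canonical origin for the application (the hypothetical `APP_ORIGIN` value below) and Express-style `req.get(name)` / `res.redirect(url)` objects; nothing else is required, and it uses only Node's built-in WHATWG `URL` parser.

```javascript
// Added example (not from the question above). Makes the "back" redirect safe by
// only ever redirecting to a relative path on this site. Assumptions: APP_ORIGIN
// is this site's canonical origin (hypothetical value), and req/res follow
// Express's req.get(name) / res.redirect(url) shape.

const APP_ORIGIN = 'https://example.com'; // assumption: replace with your site's origin

// Turn a Referer header value into a safe, same-origin relative target.
// Returns `fallback` for a missing, unparseable, cross-origin or
// scheme-relative ("//host/...") value, so the browser is never sent to
// another host.
function safeBackTarget(referer, fallback = '/') {
  if (typeof referer !== 'string' || referer.trim() === '') return fallback;

  let parsed;
  try {
    // Resolve against APP_ORIGIN so a relative Referer ("/form") is accepted,
    // while "//evil.example/x" resolves to a foreign origin and is rejected below.
    parsed = new URL(referer, APP_ORIGIN);
  } catch (e) {
    return fallback;
  }

  // Origin comparison covers scheme, host and port: "example.com.evil.example"
  // and "http://example.com" (wrong scheme) both fail here, as does a
  // "javascript:" URL, whose origin is the string "null".
  if (parsed.origin !== new URL(APP_ORIGIN).origin) return fallback;

  // Keep only path + query. A pathname such as "//evil.example/" would be
  // reinterpreted by the browser as a scheme-relative URL, so reject it too.
  const target = parsed.pathname + parsed.search;
  if (!target.startsWith('/') || target.startsWith('//')) return fallback;
  return target;
}

// Drop-in replacement for the back() handler in the question.
function back(req, res) {
  req.flash('formData', req.body);
  return res.redirect(safeBackTarget(req.get('Referer')));
}
```

Two practical notes. First, browsers and extensions frequently strip or truncate `Referer` (a `Referrer-Policy` of `same-origin` or `strict-origin` already removes the path), so the `'/'` fallback is hit often; carrying the return path yourself, in the session or a hidden form field, and passing it through the same `safeBackTarget()` check is more reliable than depending on the header. Second, a same-origin `Referer` is still client-controlled: it is fine for choosing where to navigate, but never use it to decide what the user is allowed to do.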