This repository has been archived by the owner on Apr 12, 2023. It is now read-only.
Add protections for open redirects #3
Labels
enhancement 🎉
A new feature or an improvement on an existing one
Comments
tommyschaefer
added
the
enhancement 🎉
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Currently the
proceed_toURL has no verification on it. This means that someone could accidentally use aproceed_toURL that's external to the Rails app. This presents a security risk because identity information would be available through the request parameters.The text was updated successfully, but these errors were encountered: