Tag: owasp

Is this safe for preventing open redirect attacks in Node.js?

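I am trying to prevent open redirect attacks. Please look at the code below and check it for security:

```javascript
var url = require('url');

// http://example.com/login?redirect=http://example.com/dashboard
app.route('/login', function (req, res, next) {
  var redirect = req.query.redirect,
      paths = url.parse(redirect);

  // Reject the redirect when its host differs from the request's Host header
  if (paths.host !== req.headers.host) {
    return next(new Error('Open redirect attack detected'));
  }

  return res.redirect(redirect);
});
```

Is this enough to prevent open redirect attacks, or should I add something else?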
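One way to tighten the check in the question, as an added example that is not part of the original post: it compares the target's origin against a configured value instead of the request's `Host` header (which the client supplies), parses with the WHATWG `URL` class, and falls back to a fixed page. `SITE_ORIGIN`, `FALLBACK` and `safeRedirectTarget` are hypothetical names, and `http://example.com` is the sample host from the question.

```javascript
// Added example. Assumption: the site's origin comes from configuration,
// not from the client-supplied Host header used in the question.
const SITE_ORIGIN = 'http://example.com';   // sample host from the question
const FALLBACK = SITE_ORIGIN + '/';         // hypothetical default landing page

// Returns an absolute URL on SITE_ORIGIN, or FALLBACK if the input is unusable.
function safeRedirectTarget(raw) {
  // Repeated query parameters arrive as arrays; a missing one is undefined.
  if (typeof raw !== 'string' || raw.length === 0) return FALLBACK;

  // Backslashes and control characters are handled differently by different
  // URL parsers and browsers, so refuse them rather than guess.
  if (/[\\\u0000-\u001f\u007f]/.test(raw)) return FALLBACK;

  let target;
  try {
    // Resolving against SITE_ORIGIN also accepts relative paths like /dashboard.
    target = new URL(raw, SITE_ORIGIN);
  } catch {
    return FALLBACK;
  }

  // Only web schemes, no embedded credentials, and the exact configured origin
  // (scheme + host + port), which is stricter than comparing host alone.
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return FALLBACK;
  if (target.username !== '' || target.password !== '') return FALLBACK;
  if (target.origin !== SITE_ORIGIN) return FALLBACK;

  // Redirect to the normalised form that was validated, not the raw string.
  return target.href;
}

// Constructed sample inputs (other.test is a reserved test domain).
const samples = [
  'http://example.com/dashboard',
  '/dashboard?tab=1',
  'http://other.test/',
  '//other.test/path',
  'http://example.com@other.test/',
  undefined,
];
for (const s of samples) console.log(JSON.stringify(s), '->', safeRedirectTarget(s));
```

In the route from the question, the call would be `res.redirect(safeRedirectTarget(req.query.redirect))`.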