Open redirect protection middleware for snicco/http-routing
This middleware protects your application against open redirects. It inspects the Location header of the response and disallows any redirect to an external host that is not whitelisted. Instead, the user is redirected to the configured "exit" page, and the intended redirect location is passed along in an intended_redirect query variable.
composer require snicco/open-redirect-protection-middleware
This middleware should be added globally in the MiddlewareResolver. The OpenRedirectProtection middleware must be bound in the PSR-11 container that is used by the snicco/http-routing component.
use Snicco\Middleware\OpenRedirectProtection\OpenRedirectProtection;

// In your PSR-11 container.
$open_redirect_protection = new OpenRedirectProtection(
    'snicco.io', // the host of your application
    '/exit', // the path of the exit page that blocked redirects are sent to
    [
        'stripe.com',
        'accounts.stripe.com',
    ] // whitelisted external hosts
);
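The following is an illustrative model of the decision described above, added here as an example and not the library's own code. It assumes exact, case-insensitive host matching (no subdomain wildcard), always allows relative paths, and treats hostless or unparsable locations as untrusted.

```php
<?php
declare(strict_types=1);

// Illustrative model of the middleware's check, not the library's implementation.
// Assumptions: exact case-insensitive host match, relative paths are always
// allowed, anything without a parsable host is treated as untrusted.

/**
 * Return the redirect target that should actually be sent to the client:
 * $location unchanged when its host is the application or a whitelisted host,
 * otherwise the exit page with the original target in intended_redirect.
 */
function resolveRedirect(string $location, string $app_host, string $exit_path, array $whitelist): string
{
    $allowed = array_map('strtolower', array_merge([$app_host], $whitelist));

    // "/dashboard" never leaves the application, but "//other.example/x" is
    // protocol-relative and must go through the host check below.
    if ($location !== '' && $location[0] === '/' && ($location[1] ?? '') !== '/') {
        return $location;
    }

    $host = parse_url($location)['host'] ?? null;
    if ($host === null) {
        // No host could be extracted ("javascript:...", "other.example"): untrusted.
        return exitUrl($exit_path, $location);
    }
    // parse_url() separates user-info, so "https://snicco.io@other.example/"
    // yields host other.example rather than matching on the "snicco.io" prefix.
    if (in_array(strtolower($host), $allowed, true)) {
        return $location;
    }
    return exitUrl($exit_path, $location);
}

function exitUrl(string $exit_path, string $location): string
{
    return $exit_path . '?' . http_build_query(['intended_redirect' => $location]);
}

// Constructed sample locations; the last three should all land on /exit.
$cases = [
    '/account',
    'https://snicco.io/account',
    'https://accounts.stripe.com/checkout',
    'https://other.example/page',
    '//other.example/page',
    'https://snicco.io@other.example/',
];
foreach ($cases as $c) {
    printf("%-40s => %s\n", $c, resolveRedirect($c, 'snicco.io', '/exit', ['stripe.com', 'accounts.stripe.com']));
}
```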
This repository is a read-only split of the development repo of the Snicco project.
This is how you can contribute.
Please report issues in the Snicco monorepo.
If you discover a security vulnerability, please follow our disclosure procedure.