public interface RedirectSanitiser
Provides a way for clients to sanitise redirect URLs before issuing the redirect.
Method Summary

| Return type | Method and description |
|---|---|
| boolean | canRedirectTo(String redirectUri): Returns a boolean indicating whether redirecting to the given URI is allowed or not. |
| String | makeSafeRedirectUrl(String redirectUrl): Constructs a safe redirect URL out of user-provided input. |
Method Detail

@Nullable String makeSafeRedirectUrl(@Nullable String redirectUrl)

redirectUrl does not meet these conditions, this method returns null.

This is used to prevent Open redirect attacks, which facilitate phishing attacks against JIRA users.

redirectUrl - a String containing the redirect URL

boolean canRedirectTo(@Nullable String redirectUri)

redirectUri is an absolute URI and it points to a domain that is not this JIRA instance's domain, and true otherwise.

If the uri is in the form //xxx then it is not allowed as per JRA-27405.

redirectUri - a String containing a URI
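
The check described for canRedirectTo, sketched as a stand-alone class. This is an added example, not JIRA's implementation: the class name RedirectCheckExample, the host jira.example.com, the sample inputs, the fail-closed handling of unparseable input and the pass-through behaviour of makeSafeRedirectUrl are all assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class RedirectCheckExample {
    // Assumption: constructed host name standing in for this instance's domain.
    static final String INSTANCE_HOST = "jira.example.com";

    static boolean canRedirectTo(String redirectUri) {
        if (redirectUri == null) {
            return true; // follows the "true otherwise" wording above
        }
        // Scheme-relative form (//xxx): java.net.URI reports it as non-absolute,
        // but a browser resolves it to another host, so reject it explicitly.
        if (redirectUri.startsWith("//")) {
            return false;
        }
        final URI uri;
        try {
            uri = new URI(redirectUri);
        } catch (URISyntaxException e) {
            return false; // this sketch's choice: unparseable input fails closed
        }
        if (!uri.isAbsolute()) {
            return true; // relative URI stays on this instance
        }
        // Absolute URI: allow only an exact host match. getHost() is null for
        // opaque URIs such as javascript: or mailto:, which are refused too.
        return INSTANCE_HOST.equalsIgnoreCase(uri.getHost());
    }

    // Assumption: an allowed URL is passed through unchanged, anything else is null.
    static String makeSafeRedirectUrl(String redirectUrl) {
        return (redirectUrl != null && canRedirectTo(redirectUrl)) ? redirectUrl : null;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "/secure/Dashboard.jspa",
            "https://jira.example.com/browse/DEMO-1",
            "https://evil.example/login",
            "//evil.example/login",
            "https://jira.example.com@evil.example/",
            "javascript:alert(1)",
            "/\\evil.example/login",
        };
        for (String s : samples) {
            System.out.printf("%-42s allowed=%-5b safe=%s%n", s, canRedirectTo(s), makeSafeRedirectUrl(s));
        }
    }
}
```

Only the first two samples are allowed. The userinfo form is refused because java.net.URI reports evil.example as the host, and the backslash form is refused because the URI constructor rejects the backslash as an illegal character.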