public interface RedirectSanitiser
Modifier and Type | Method and Description |
---|---|
boolean | canRedirectTo(String redirectUri) Returns a boolean indicating whether redirecting to the given URI is allowed or not. |
String | makeSafeRedirectUrl(String redirectUrl) Constructs a safe redirect URL out of user-provided input. |
@Nullable String makeSafeRedirectUrl(@Nullable String redirectUrl)
redirectUrl does not meet these conditions, this method returns null.
This is used to prevent Open redirect attacks, which facilitate phishing attacks against JIRA users.
redirectUrl - a String containing the redirect URL

boolean canRedirectTo(@Nullable String redirectUri)
This method returns false if the redirectUri is an absolute URI and it points to a domain that is not this JIRA instance's domain, and true otherwise.
If the URI is in the form //xxx then it is not allowed, as per JRA-27405.
If the URI contains any character that is not valid in a URL, such as a backslash, redirection is denied because it could result in an open redirect attack.
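
The rules listed above for canRedirectTo, written out as an added sketch that is not Atlassian's implementation or code from this page. The class name RedirectCheckExample, the BASE URL, the handling of null and the sample inputs are assumptions constructed here, and comparing scheme and port as well as host is a stricter choice than the documented domain check.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration of the documented rules; not Atlassian's implementation.
public class RedirectCheckExample {
    // Assumption: base URL of this instance (constructed value).
    static final URI BASE = URI.create("https://jira.example.com/jira");

    static boolean canRedirectTo(String redirectUri) {
        if (redirectUri == null) {
            return true; // assumption: null falls under "true otherwise"
        }
        // Scheme-relative form //xxx: a browser treats xxx as the host.
        if (redirectUri.startsWith("//")) {
            return false;
        }
        final URI uri;
        try {
            // java.net.URI rejects characters that are not valid in a URI,
            // such as backslashes, spaces and control characters.
            uri = new URI(redirectUri);
        } catch (URISyntaxException e) {
            return false;
        }
        if (!uri.isAbsolute()) {
            return true; // relative reference, stays on this instance
        }
        // Absolute URI: must point back at this instance. Comparing scheme and
        // port as well as host is this example's choice, stricter than the text.
        return uri.getHost() != null
                && BASE.getScheme().equalsIgnoreCase(uri.getScheme())
                && BASE.getHost().equalsIgnoreCase(uri.getHost())
                && BASE.getPort() == uri.getPort();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, one per documented rule.
        String[] samples = {
            "/secure/Dashboard.jspa",
            "https://jira.example.com/jira/browse/ABC-1",
            "https://other.example.net/login",
            "//other.example.net/login",
            "/\\other.example.net/login",
        };
        for (String s : samples) {
            System.out.println(canRedirectTo(s) + "  " + s);
        }
    }
}
```
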
redirectUri - a String containing a URI

Copyright © 2002-2019 Atlassian. All Rights Reserved.