SafeRedirectChecker (Atlassian Jira

java.lang.Object
- com.atlassian.jira.web.action.SafeRedirectChecker

All Implemented Interfaces:

RedirectSanitiser

Deprecated.
Use RedirectSanitiser instead. Since v6.2.
```
@PublicApi
public final class SafeRedirectChecker
extends Object
implements RedirectSanitiser
```
Contains methods that check whether a particular redirect is "safe" or not.

Since:

v4.3

Constructor Summary

Constructors
Constructor and Description

SafeRedirectChecker(RedirectSanitiser redirectSanitiser)
Deprecated.

Constructors
Constructor and Description
`SafeRedirectChecker(RedirectSanitiser redirectSanitiser)` Deprecated.

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`boolean`	`canRedirectTo(String redirectUri)` Deprecated. Returns a boolean indicating whether redirecting to the given URI is allowed or not.
`String`	`makeSafeRedirectUrl(String redirectUrl)` Deprecated. Constructs a safe redirect URL out of user-provided input.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SafeRedirectChecker
```
@Internal
public SafeRedirectChecker(RedirectSanitiser redirectSanitiser)
```
    Deprecated.
- Method Detail
  - canRedirectTo
```
public boolean canRedirectTo(@Nullable
                             String redirectUri)
```
    Deprecated.
    
    Returns a boolean indicating whether redirecting to the given URI is allowed or not. This method returns false if the redirectUri is an absolute URI and it points to a domain that is not this JIRA instance's domain, and true otherwise. If the uri is in the form //xxx then it is not allowed as per JRA-27405
    
    Specified by:
    
    canRedirectTo in interface RedirectSanitiser
    
    Parameters:
    
    redirectUri - a String containing a URI
    
    Returns:
    
    a boolean indicating whether redirecting to the given URI should be allowed or not
    
    Since:
    
    v4.3
  - makeSafeRedirectUrl
```
@Nullable
public String makeSafeRedirectUrl(@Nullable
                                            String redirectUrl)
```
    Deprecated.
    
    Constructs a safe redirect URL out of user-provided input. This means checking that the URL has an HTTP or HTTPS scheme, and that it does not redirect to a different domain (i.e. not JIRA). If the redirectUrl does not meet these conditions, this method returns null.
    This is used to prevent Open redirect attacks, which facilitate phishing attacks against JIRA users.
    
    Specified by:
    
    makeSafeRedirectUrl in interface RedirectSanitiser
    
    Parameters:
    
    redirectUrl - a String containing the redirect URL
    
    Returns:
    
    a safe redirect URL, or null
    
    Since:
    
    5.1.5

Class SafeRedirectChecker

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SafeRedirectChecker

Method Detail

canRedirectTo

makeSafeRedirectUrl