Malicious Google sign-in redirects
lud99 commented
It is possible to craft a malicious sign-in link that redirects to some malicious website.
Example:
https://server/auth/google?redirectUrl=https://badwebsite.com
How to fix: whitelist the redirect URL to only allow the client origin.
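
One way to implement the origin allowlist described in the issue, as an added example that is not code from the project or from the reporter. The client origin `https://client.example.com` and the names `ALLOWED_ORIGINS`, `FALLBACK` and `safeRedirectTarget` are assumptions. The check compares the parsed origin rather than a string prefix, so look-alike hosts and userinfo tricks fall back to the default.

```javascript
// Added example: all names and the client origin are hypothetical placeholders.
const ALLOWED_ORIGINS = new Set(["https://client.example.com"]);
const FALLBACK = "https://client.example.com/";

// Returns a URL that is safe to redirect to after sign-in, or the fallback.
function safeRedirectTarget(redirectUrl, allowed = ALLOWED_ORIGINS, fallback = FALLBACK) {
  // Repeated query parameters can arrive as arrays; accept only a non-empty string.
  if (typeof redirectUrl !== "string" || redirectUrl.length === 0) return fallback;
  // Backslashes and control characters are normalised differently by browsers
  // and servers, so reject them instead of trying to interpret them.
  if (/[\u0000-\u001f\\]/.test(redirectUrl)) return fallback;

  let parsed;
  try {
    parsed = new URL(redirectUrl); // no base given: relative and "//host" forms throw
  } catch {
    return fallback;
  }
  if (parsed.protocol !== "https:") return fallback;        // blocks javascript:, data:, http:
  if (parsed.username || parsed.password) return fallback;  // blocks https://client@evil/
  // Compare the normalised origin (scheme + host + port), never a string prefix.
  if (!allowed.has(parsed.origin)) return fallback;
  return parsed.href;
}

// Constructed sample inputs, including the URL shape from the report.
const samples = [
  "https://badwebsite.com",
  "https://client.example.com/dashboard?x=1",
  "https://client.example.com.badwebsite.com/",
  "https://client.example.com@badwebsite.com/",
  "//badwebsite.com",
];
for (const s of samples) {
  console.log(s, "->", safeRedirectTarget(s));
}
```

The handler for `/auth/google` would pass the `redirectUrl` query value through this function before storing it or issuing the redirect.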