How to Validate the URL provided in `redirectUrl`
To enhance your users' security and validate the URL provided in the `redirectUrl` parameter, you can pass the `enforceRedirectToSameSite` and `allowedRedirectOrigins` flags to the `FronteggProvider`:
```jsx
// Redirect validation settings passed to the provider
const authOptions = {
  enforceRedirectToSameSite: true,
  allowedRedirectOrigins: ['http://my-allowed-redirect-url-origin.com'],
};

<FronteggProvider
  authOptions={authOptions}
  contextOptions={contextOptions}
  hostedLoginBox={false} // If you're using Embedded login
>
  {children}
</FronteggProvider>
```
This helps prevent attempts to craft potentially malicious links that redirect your users to such sites.
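To show what origin-based validation of a `redirectUrl` value involves, here is an added example that is not Frontegg's own code. The function `resolveSafeRedirect`, its parameters, the `https://app.example.com` site origin and the sample inputs are assumptions made for illustration.

```javascript
// Added illustration; not Frontegg's implementation. All names are hypothetical.
function resolveSafeRedirect(redirectUrl, siteOrigin, allowedOrigins = [], fallback = '/') {
  if (typeof redirectUrl !== 'string' || redirectUrl.length === 0) return fallback;

  let target;
  try {
    // Resolve relative values against the site's own origin, as a browser would.
    target = new URL(redirectUrl, siteOrigin);
  } catch {
    return fallback; // unparsable input
  }

  // Only web schemes are acceptable redirect targets.
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return fallback;

  // Compare the parsed origin (scheme + host + port), never a string prefix:
  // a prefix check would accept look-alike hosts and userinfo tricks.
  const allowed = new Set([siteOrigin, ...allowedOrigins].map((o) => new URL(o).origin));
  return allowed.has(target.origin) ? target.href : fallback;
}

// Constructed sample values for demonstration.
const SITE = 'https://app.example.com';
const ALLOWED = ['http://my-allowed-redirect-url-origin.com'];
const SAMPLES = [
  '/dashboard?tab=1',                                          // same site, relative
  'http://my-allowed-redirect-url-origin.com/welcome',         // allowlisted origin
  '//other.example/login',                                     // protocol-relative, other host
  '/\\other.example/login',                                    // backslash parsed as a slash
  'http://my-allowed-redirect-url-origin.com@other.example/',  // allowlisted name as userinfo
  'http://my-allowed-redirect-url-origin.com.other.example/',  // allowlisted name as subdomain
  'https://app.example.com:8443/',                             // same host, different port
  'javascript:void(0)',                                        // non-web scheme
];

// Returns [input, resolved target] pairs; rejected inputs resolve to the fallback.
function checkSamples() {
  return SAMPLES.map((s) => [s, resolveSafeRedirect(s, SITE, ALLOWED)]);
}

for (const [input, result] of checkSamples()) {
  console.log(JSON.stringify(input), '->', result);
}
```

Only the first two samples resolve to their own URL; every other input falls back to `/`.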