SSO Endpoint & Back Button
Hannes
Hello everyone,
I use the SSO Entry Point (with jsconnect) to link to my Vanilla forum from my web application. Everything works fine, but when the user uses the browser "Back Button" he gets redirected to the SSO Entry Point (which is technically right, of course!).
Is there a way to check the $_SERVER['HTTP_REFERER'] when the user comes to /sso? I would like to check if the user comes from the forum and redirect him to the web application and not loop him back into the forum.
Thanks, Cheers
Hannes
Comments
No, and that's actually possibly unsafe to implement. It's possible to spoof $_SERVER['HTTP_REFERER'], and if you don't validate the target of the redirect it could be done maliciously. See the safeRedirect() function in Vanilla if you decide to move forward with this on your site.

Personally, I recommend leaving this alone. If there is clear navigation on the forum back to the app, folks can get back easily. If they use the back button, they'll figure it out pretty quick, and our experience suggests that's a big "if".
Hi Linc,
Alright, thanks for this good and very quick answer!
Cheers
Hannes
Cheers!
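
An added example, not part of the thread and not Vanilla's code, of the point made in the answer above: the Referer header is client-controlled, so it may only select between fixed destinations, and any requested redirect target is checked against a host allowlist. The hosts, URLs, function names and the idea of a caller-supplied target are assumptions made for illustration.

```php
<?php
// Added example; hosts, URLs and function names are assumptions, not Vanilla code.
const FORUM_HOST    = 'forum.example.com';
const APP_URL       = 'https://app.example.com/';
const FORUM_URL     = 'https://forum.example.com/';
const TRUSTED_HOSTS = ['app.example.com', 'forum.example.com'];

// Return $target only if it is an absolute http(s) URL on an allowlisted host.
function validatedTarget(?string $target, string $fallback): string
{
    // Empty input, control characters, spaces and backslashes are rejected outright.
    if ($target === null || $target === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
        return $fallback;
    }
    $parts = parse_url($target);
    // Relative, scheme-relative ("//host") and malformed URLs lack a scheme or host.
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    // Userinfo can disguise the real host ("https://trusted@other.host/").
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    $schemeOk = in_array(strtolower($parts['scheme']), ['http', 'https'], true);
    $hostOk   = in_array(strtolower($parts['host']), TRUSTED_HOSTS, true);
    return ($schemeOk && $hostOk) ? $target : $fallback;
}

// Decide where the SSO entry point sends the browser.
function ssoDestination(array $server, ?string $requestedTarget): string
{
    $refHost = parse_url((string)($server['HTTP_REFERER'] ?? ''), PHP_URL_HOST);
    if (is_string($refHost) && strtolower($refHost) === FORUM_HOST) {
        return APP_URL; // Referer only picks a constant; its value is never the destination
    }
    return validatedTarget($requestedTarget, FORUM_URL);
}

$samples = [ // constructed requests: [Referer, requested target]
    ['https://forum.example.com/discussions', null],
    ['', 'https://forum.example.com/categories'],
    ['https://forum.example.com/', 'https://other.invalid/'],
    ['', '//other.invalid/path'],
    ['', 'https://app.example.com@other.invalid/'],
];
foreach ($samples as [$referer, $target]) {
    echo json_encode([$referer, $target]), ' => ',
        ssoDestination(['HTTP_REFERER' => $referer], $target), PHP_EOL;
}
```

Because a forged or missing Referer can only switch between the two fixed URLs, spoofing it changes which trusted page the user lands on and nothing else.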