Open redirect on successful registration #1021

mlissner opened this issue Oct 1, 2019 · 0 comments

commented Oct 1, 2019

We've received a security report that we have an open redirect on pages such as:

These can be used to spoof CourtListener and are not good. We have some protections against this, but lack them on this particular code.

Solution is to:

  1. Add needed protections to centralized location
  2. Audit the code to make sure all open redirects are squashed
  3. Add tests to prevent regressions
@mlissner mlissner closed this in 230538d Oct 1, 2019
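
The three steps in the issue (one central check, every redirect routed through it, regression tests) can be sketched as follows. This is an added example, not CourtListener's code or the fix in the referenced commit; the names `is_safe_redirect`, `resolve_next`, the host `courts.example` and the sample paths are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"courts.example"}  # constructed host standing in for the site
DEFAULT_TARGET = "/"                # hypothetical fallback destination


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for same-site paths or https URLs on an allowed host."""
    if not isinstance(target, str) or not target.strip():
        return False
    # Browsers treat "\" like "/", so normalise before parsing.
    candidate = target.strip().replace("\\", "/")
    # Control/format characters can make a browser and a parser disagree.
    if any(unicodedata.category(ch).startswith("C") for ch in candidate):
        return False
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if not parts.netloc:
        # No host: accept only a rooted path. Rejects "javascript:..." and
        # "https:///host" (scheme set) as well as "///host" (leading "//").
        return (not parts.scheme and candidate.startswith("/")
                and not candidate.startswith("//"))
    # Host present: must be https and on the allow-list. Protocol-relative
    # "//host/..." has an empty scheme and is rejected here on purpose.
    return parts.scheme == "https" and parts.hostname in allowed_hosts


def resolve_next(target, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Single choke point: every view passes its 'next' value through here."""
    return target if is_safe_redirect(target, allowed_hosts) else default


# Regression cases (constructed): value of "next" -> expected destination.
REGRESSION_CASES = {
    "/profile/settings/": "/profile/settings/",
    "https://courts.example/alerts/": "https://courts.example/alerts/",
    "https://evil.example/": "/",
    "//evil.example/": "/",
    "/\\evil.example/": "/",
    "https://courts.example@evil.example/": "/",
    "javascript:void(0)": "/",
    "": "/",
}

def run_regressions():
    return {t: resolve_next(t) for t in REGRESSION_CASES} == REGRESSION_CASES
```
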