@enisn (Member) commented Oct 30, 2025

Description

Replaces direct Redirect with RedirectSafelyAsync after user registration to enhance security when handling return URLs.

Checklist

  • I fully tested it as developer / designer and created unit / integration tests
  • I documented it (or no need to document or I will create a separate documentation issue)

Replaces direct Redirect with RedirectSafelyAsync after user registration to enhance security when handling return URLs.
@enisn enisn added this to the 10.0-final milestone Oct 30, 2025
@enisn enisn requested review from Copilot and salihozkara October 30, 2025 07:24
@enisn enisn changed the base branch from dev to rel-10.0 October 30, 2025 07:24
@enisn enisn requested a review from maliming October 30, 2025 07:30
Copilot AI (Contributor) left a comment

Pull Request Overview

This PR enhances redirect security in the registration process by replacing a direct URL redirect with the safer RedirectSafelyAsync method. This addresses the open security TODO comment about ensuring redirect URL safety.

  • Replaces unsafe Redirect() call with RedirectSafelyAsync() to validate redirect URLs
  • Removes the TODO comment about redirect URL safety verification

@maliming maliming merged commit 73a78a1 into rel-10.0 Oct 30, 2025
1 of 2 checks passed
@maliming maliming deleted the 10.0-account-returnurl branch October 30, 2025 08:57
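
The kind of return-URL check this change relies on, as an added example that is not part of this pull request and is not ABP's implementation of RedirectSafelyAsync. `ReturnUrlGuard`, its members, and the `app.example.test` allowlist are hypothetical names chosen for illustration, and the sample URLs are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example with hypothetical names; not ABP's RedirectSafelyAsync.
public static class ReturnUrlGuard
{
    // Assumption: the only absolute origin this application may redirect to.
    private static readonly HashSet<string> AllowedOrigins =
        new(StringComparer.OrdinalIgnoreCase) { "https://app.example.test" };

    // Local means a single leading '/', so "//host" and "/\host" are not local.
    public static bool IsLocalUrl(string url) =>
        url.Length > 0 && url[0] == '/' &&
        (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));

    public static bool IsSafe(string? url)
    {
        if (string.IsNullOrWhiteSpace(url)) return false;
        // Browsers read '\' as '/' and may drop control characters: reject both.
        if (url.Any(c => c == '\\' || char.IsControl(c))) return false;
        if (IsLocalUrl(url)) return true;
        // Absolute URLs must be https and match an allowed origin exactly.
        // GetLeftPart keeps any userinfo, so "allowed@other-host" does not match.
        return Uri.TryCreate(url, UriKind.Absolute, out var uri)
            && uri.Scheme == Uri.UriSchemeHttps
            && AllowedOrigins.Contains(uri.GetLeftPart(UriPartial.Authority));
    }

    // Unsafe or missing return URLs fall back to a fixed local page.
    public static string Resolve(string? returnUrl, string fallback = "/") =>
        IsSafe(returnUrl) ? returnUrl! : fallback;
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample return URLs: the first two pass, the rest fall back to "/".
        string?[] samples =
        {
            "/account/manage",
            "https://app.example.test/dashboard",
            "//attacker.example.test/login",
            "https://app.example.test.attacker.example.test/",
            "https://app.example.test@attacker.example.test/",
            "javascript:alert(1)",
            null,
        };
        foreach (var s in samples)
            Console.WriteLine($"{s ?? "(null)",-50} -> {ReturnUrlGuard.Resolve(s)}");
    }
}
```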