What Is an Open Redirect Vulnerability?
An open redirect is a vulnerability where a web application accepts a user-supplied URL and redirects the browser to it without validating that the destination is one the application intends. Attackers exploit this to build phishing links that begin with your trusted domain but land on a malicious site: the link passes URL-reputation and spam filters and looks legitimate to users, because everything they check is the trusted prefix.
Types of Open Redirect Vulnerability
URL parameter redirect
Application uses a query parameter to determine redirect destination.
https://trusted.com/login?redirect=https://evil.com/phishing
Header-based redirect
Application builds the redirect target from a request header such as Referer or Host; both are client-controlled, so a forged header steers the redirect.
JavaScript redirect
Client-side code reads a URL parameter (or the fragment) and assigns it to window.location, so the redirect happens in the browser and never passes through server-side validation.
How to Prevent It
from flask import redirect, request   # Flask is assumed: the snippets use its redirect() and request
from urllib.parse import urlparse

# 1. Allowlist approach — only permit known-safe destinations
ALLOWED_REDIRECTS = ['/dashboard', '/profile', '/settings']

def safe_redirect(url):
    if url in ALLOWED_REDIRECTS:
        return redirect(url)
    return redirect('/dashboard')

# 2. Validate the URL is relative (no protocol or host)
def is_safe_url(url):
    parsed = urlparse(url)
    # Caveat: urlparse alone lets through inputs browsers treat as cross-origin,
    # e.g. '/\evil.com' (browsers normalise the backslash to '//evil.com'),
    # so also require exactly one leading '/' and reject backslashes.
    return (url.startswith('/') and not url.startswith('//') and '\\' not in url
            and not parsed.netloc and not parsed.scheme)

# 3. Use indirect references (map IDs to URLs)
REDIRECTS = {'1': '/dashboard', '2': '/profile'}
redirect_to = REDIRECTS.get(request.args.get('dest'), '/dashboard')

# 4. Never redirect to user-supplied full URLs
# BAD:  redirect(request.args.get('next'))
# GOOD: target = request.args.get('next', '/dashboard')
#       redirect(target if is_safe_url(target) else '/dashboard')
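The following Python is an added, stand-alone example and not one of the page's own snippets. It carries the "validate the URL is relative" idea through the edge cases a tester would probe: protocol-relative `//host`, the backslash form `/\host`, leading control characters, and, for flows that genuinely must redirect off-site, an exact-host allowlist instead of a string-prefix check (which would accept `https://trusted.com.evil.com`). `OUR_HOST`, `DEFAULT_TARGET` and the function names are assumptions made for the example; the probe inputs at the bottom are constructed.

```python
"""Added example (not the page's own code): a stricter open-redirect guard."""
from __future__ import annotations

from urllib.parse import urljoin, urlparse

OUR_HOST = "trusted.com"       # assumed application origin
DEFAULT_TARGET = "/dashboard"  # assumed safe fallback when validation fails


def is_safe_relative_url(url: str) -> bool:
    """True only for an absolute path on our own origin, e.g. "/profile?tab=1"."""
    if not url:
        return False
    # Browsers strip ASCII control characters (tab, newline, ...) before
    # parsing, so "\t//evil.com" would be loaded as "//evil.com".
    if any(ord(ch) < 0x20 or ch.isspace() for ch in url):
        return False
    # In the authority part browsers treat "\" like "/", so "/\evil.com"
    # becomes the protocol-relative "//evil.com". Normalise before checking.
    normalized = url.replace("\\", "/")
    # Exactly one leading slash: "/path" passes, "//host" and "path" do not.
    if not normalized.startswith("/") or normalized.startswith("//"):
        return False
    try:
        parsed = urlparse(normalized)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    if parsed.scheme or parsed.netloc:
        return False
    # Defence in depth: resolve against our origin and confirm we stayed on it.
    resolved = urlparse(urljoin(f"https://{OUR_HOST}/", normalized))
    return resolved.scheme == "https" and resolved.hostname == OUR_HOST


def is_allowed_absolute_url(url: str, allowed_hosts: set[str]) -> bool:
    """For flows that must redirect off-site: exact host match, https only,
    no userinfo. A startswith("https://trusted.com") check would accept both
    "https://trusted.com.evil.com" and "https://trusted.com@evil.com"."""
    try:
        parsed = urlparse(url)
    except ValueError:
        return False
    if parsed.scheme != "https":
        return False
    if parsed.username is not None or parsed.password is not None:
        return False
    return parsed.hostname in allowed_hosts


def safe_redirect_target(url: str | None, fallback: str = DEFAULT_TARGET) -> str:
    """Return the user-supplied target if it validates, otherwise the fallback."""
    if url is not None and is_safe_relative_url(url):
        return url
    return fallback


if __name__ == "__main__":
    # Constructed probe inputs, the kind a tester sends to a ?next= parameter.
    probes = ["/profile?tab=1", "//evil.com", "/\\evil.com", "\t//evil.com",
              "https://evil.com/phishing", "javascript:alert(1)"]
    for candidate in probes:
        print(f"{candidate!r:28} -> {safe_redirect_target(candidate)}")
```

Rejecting rather than "fixing" a suspicious value is deliberate: once an input needs normalisation to look safe, the safest response is the fallback path, and a logged rejection is a useful detection signal for probing against the `next`/`redirect` parameter.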
Real-World Impact
Phishing attacks using your domain's reputation, OAuth token theft by redirecting authorization callbacks, bypassing URL-based security controls, and SSO token interception.