Hi! Our security team finds that the browser can redirect to any URL without restriction using the ‘next’ param when logging in to the hub.
For example, if I request such a URL:
The browser will redirect to http://www.abc.com if the access_token is valid.
Our security team worries that someone may use this mechanism to attack us. Therefore, I wonder if there exists any way to set a whitelist to restrict the redirect URL. Thanks!
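An allowlist check of the kind asked about above, as an added example that is not part of the original post and is not the hub's own code. It assumes a Python web application that validates the `next` value before redirecting; `safe_next_url`, `ALLOWED_HOSTS`, `DEFAULT_TARGET` and `hub.example.org` are hypothetical names chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values: hosts this application is allowed to redirect to,
# and the page to fall back to when the requested target is rejected.
ALLOWED_HOSTS = {"hub.example.org"}
DEFAULT_TARGET = "/hub/home"


def safe_next_url(next_url, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return next_url only if it is a same-site absolute path or an
    https URL on an allowlisted host; otherwise return the default."""
    if not next_url:
        return default
    # Control characters are dropped or reinterpreted by browsers: reject them.
    if any(ord(c) < 0x20 or c == "\x7f" for c in next_url):
        return default
    # Browsers treat "\" like "/", so "/\host" behaves like "//host".
    candidate = next_url.strip().replace("\\", "/")
    try:
        parts = urlsplit(candidate)
        host = parts.hostname
    except ValueError:
        return default

    if not parts.scheme and not parts.netloc:
        # Relative target: accept "/path" only, never "//host" or "path".
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default

    # Absolute target: https only, no userinfo ("user@host"), host allowlisted.
    if parts.scheme == "https" and "@" not in parts.netloc and host in allowed_hosts:
        return candidate
    return default


if __name__ == "__main__":
    for sample in ["/hub/user/alice", "http://www.abc.com", "//www.abc.com",
                   "https://hub.example.org/user/alice"]:
        print(f"{sample!r:45} -> {safe_next_url(sample)!r}")
```

Matching on the parsed hostname rather than on a string prefix is what keeps targets such as `https://hub.example.org@www.abc.com/` from passing the check.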