Section 1.2.6
Top Level
Sub Level
General
Redirects pass through the user's browser (exposing any server-side secrets to the user) and can be forged, so weak credentials carried in a redirect (such as a simple claim to a role or identity) can be forged as well. All credentials sent through a redirect should be unforgeable (i.e., cryptographically strong).
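The following is an added example, not code from the original page: it contrasts a redirect that carries a role claim as a plain query parameter (editable by whoever holds the browser) with one that carries an HMAC-signed, expiring token, and shows that tampering with the signed token is rejected on the receiving side. `SECRET_KEY`, `TOKEN_TTL` and all function names are assumptions made for this example; the key is generated in-process here only so the example runs offline.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed for this example only: a real deployment loads the key from a
# secret store and shares it only between the issuing and verifying servers.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL = 900  # seconds a redirect token stays valid (assumed value)


def build_weak_redirect(base_url, user, role):
    """Weak: the role claim travels as a plain query parameter."""
    return base_url + "?" + urlencode({"user": user, "role": role})


def parse_weak_redirect(url):
    """The receiving page trusts whatever arrived in the query string."""
    q = parse_qs(urlparse(url).query)
    return q["user"][0], q["role"][0]


def mint_token(user, role, now=None):
    """Strong: bind user, role and an expiry together under an HMAC."""
    expires = int(now if now is not None else time.time()) + TOKEN_TTL
    payload = base64.urlsafe_b64encode(f"{user}|{role}|{expires}".encode()).decode()
    mac = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def verify_token(token, now=None):
    """Return (user, role) only if the MAC matches and the token is unexpired."""
    try:
        payload, mac = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so timing does not leak how many bytes matched.
    if not hmac.compare_digest(mac, expected):
        return None
    try:
        user, role, expires = base64.urlsafe_b64decode(payload.encode()).decode().split("|")
        expires = int(expires)
    except (ValueError, UnicodeDecodeError):
        return None
    if expires < int(now if now is not None else time.time()):
        return None
    return user, role


def build_strong_redirect(base_url, user, role, now=None):
    return base_url + "?" + urlencode({"token": mint_token(user, role, now)})


def parse_strong_redirect(url, now=None):
    q = parse_qs(urlparse(url).query)
    return verify_token(q.get("token", [""])[0], now)


def tamper_role(token, new_role):
    """Rewrite the role inside a signed token while keeping the old MAC.
    Used here only to demonstrate that verify_token() rejects the result."""
    payload, mac = token.split(".", 1)
    user, _role, expires = base64.urlsafe_b64decode(payload.encode()).decode().split("|")
    forged = base64.urlsafe_b64encode(f"{user}|{new_role}|{expires}".encode()).decode()
    return f"{forged}.{mac}"


if __name__ == "__main__":
    weak = build_weak_redirect("https://app.example/landing", "alice", "user")
    print("weak, after editing the URL:", parse_weak_redirect(weak.replace("role=user", "role=admin")))
    strong = build_strong_redirect("https://app.example/landing", "alice", "user")
    print("strong, untouched:", parse_strong_redirect(strong))
    token = parse_qs(urlparse(strong).query)["token"][0]
    print("strong, role rewritten:", verify_token(tamper_role(token, "admin")))
```

The weak form fails because the receiving page has no way to tell a value it set from one the user typed; the signed form ties every claim to a key only the servers hold, and the expiry bounds how long a captured URL stays useful.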
Django
The password_reset views in contrib.auth.views do not send any credentials via a redirect.
Natural Webagent
This is handled automatically when using EID authentication.
.NET
Avoid using Response.Redirect() with any sensitive data; Server.Transfer() can accomplish a similar task while staying server-side only. (Although Server.Transfer() can only execute pages on the same server, and using it may disrupt the ideal browsing experience – e.g. the user's location is not updated, so bookmarking may be thrown off.)