How to prevent the Open Redirect vulnerability with the next parameter in Flask


flask security

Let's say your application builds a URL like this, with a next parameter that tells the handler where to send the user afterwards:

http://domain.com/do/something?next=http://domain.com/homepage

An attacker can craft the URL like this instead:

http://domain.com/do/something?next=http://evildomain.com/homepage

If you don't validate the next parameter before redirecting, your user is sent to the attacker's site. This is the Open Redirect vulnerability.

That's why you must check that the redirect URL stays on your own host. You do it like this:

from flask import request
from urllib.parse import urlparse, urljoin


def is_safe_redirect_url(target):
    # request.host_url is the scheme and host the current request came in on,
    # e.g. "http://domain.com/". urljoin resolves a relative target such as
    # "/homepage" against it and leaves an absolute target untouched, so the
    # comparison below always sees the real destination host.
    host_url = urlparse(request.host_url)
    redirect_url = urlparse(urljoin(request.host_url, target))
    return (
        redirect_url.scheme in ("http", "https")
        and host_url.netloc == redirect_url.netloc
    )


def get_safe_redirect(url):
    # Use the supplied URL if it is safe, otherwise fall back to the
    # Referer header if that is safe, otherwise go to the site root.
    if url and is_safe_redirect_url(url):
        return url

    url = request.referrer
    if url and is_safe_redirect_url(url):
        return url

    return "/"


Pass the value of the next parameter to get_safe_redirect and redirect to whatever it returns.

The code above is courtesy of shopyoapi.security in the Shopyo project.
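To see what the check accepts and rejects, here is an added, self-contained version of the same logic (example code written for this page, not Shopyo's own). The only change is a hypothetical host_url parameter in place of Flask's request.host_url, so it runs without a request context; the sample next values are constructed and include the page's legitimate and attacker URLs alongside a few other shapes the netloc comparison has to handle.

```python
from urllib.parse import urlparse, urljoin


# Same check as Shopyo's is_safe_redirect_url, except the request's host URL is
# passed in explicitly (hypothetical host_url parameter) so the function can be
# exercised outside a Flask request context. In a view, pass request.host_url.
def is_safe_redirect_url(target, host_url):
    host = urlparse(host_url)
    # urljoin resolves relative targets ("/homepage") against our own host and
    # leaves absolute ones ("http://evildomain.com/", "//evildomain.com/")
    # intact, so the netloc comparison sees the real destination either way.
    redirect_url = urlparse(urljoin(host_url, target))
    return (
        redirect_url.scheme in ("http", "https")
        and host.netloc == redirect_url.netloc
    )


def get_safe_redirect(url, referrer, host_url):
    """Return url if it is safe, else the referrer if that is safe, else '/'."""
    if url and is_safe_redirect_url(url, host_url):
        return url
    if referrer and is_safe_redirect_url(referrer, host_url):
        return referrer
    return "/"


# What request.host_url would hold for the page's example site (constructed).
HOST_URL = "http://domain.com/"

# Constructed sample values of the next parameter, paired with the verdict
# the check should give for each.
SAMPLE_TARGETS = [
    ("http://domain.com/homepage", True),           # the page's legitimate example
    ("/homepage", True),                            # relative path, resolves to our host
    ("https://domain.com/account", True),           # same host over https
    ("http://evildomain.com/homepage", False),      # the page's attacker example
    ("//evildomain.com/homepage", False),           # scheme-relative; urljoin exposes the host
    ("http://domain.com.evildomain.com/", False),   # lookalike subdomain
    ("http://domain.com@evildomain.com/", False),   # userinfo trick; netloc still differs
    ("http://domain.com:8080/admin", False),        # different port is a different netloc
    ("javascript:alert(1)", False),                 # non-http scheme
]


def check_samples(host_url=HOST_URL):
    """Run every sample through is_safe_redirect_url; return any mismatches."""
    return [
        (target, expected)
        for target, expected in SAMPLE_TARGETS
        if is_safe_redirect_url(target, host_url) != expected
    ]


if __name__ == "__main__":
    for target, expected in SAMPLE_TARGETS:
        verdict = "safe" if is_safe_redirect_url(target, HOST_URL) else "REJECTED"
        print(f"{verdict:9} next={target}")
    print("mismatches:", check_samples())
```

Because the comparison is on netloc, the host, port and any userinfo all have to match exactly; that is what rules out the lookalike-subdomain, "user@host" and alternate-port forms above, not just the plain evildomain.com case from the post. The scheme check additionally keeps non-http schemes out of the redirect. The referrer fallback in get_safe_redirect gets the same treatment, so a request arriving from another site still ends up at "/".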