In one old web application I had to add a redirect form one endpoint to the address of the new application. Everything compiled without a problem, but as soon as I accessed the old address, I got this exception:
NWebsec.Core.Exceptions.RedirectValidationException: A potentially dangerous redirect was detected. Add the destination to the whitelist in configuration if the redirect was intended. Offending redirect: https://my.url.whatever
This application uses NWebsec and its redirect validation feature. If you use NWebsec as well, you need to add your redirect URLs to the list of allowed redirects. You can do that in the web.config file in the nwebsec section:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
<nwebsec> <httpHeaderSecurityModule xmlns="http://nwebsec.com/HttpHeaderSecurityModuleConfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="NWebsecConfig/HttpHeaderSecurityModuleConfig.xsd"> <redirectValidation enabled="true"> <allowSameHostRedirectsToHttps enabled="true" /> <add allowedDestination="https://my.url.whatever" /> </redirectValidation> <securityHttpHeaders> ... </securityHttpHeaders> </httpHeaderSecurityModule> </nwebsec> |
If you restart your application, your redirects will work.