...
This parameter is optional. If omitted, the default value is false.
Define allowed hostnames in returnurls
By default, only the hostname of the password reset URL is allowed to be used as the hostname for a returnurl. This behavior can be changed by setting the property returnurl.allowedhostname to a white-space separated list of allowed hostnames in the file ubilogin/custom/password-reset/application.properties. Note that when this property is set, the hostname of the password reset URL must be included in the list, or it will not be allowed.
Using a disallowed hostname in returnurl causes an "HTTP Status 403 – Forbidden" error page to be shown.
```
returnurl.allowedhostnames = sso.example.com acme.com foobar.com
```
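The following is an added illustration, not the product's own code, of how a hostname allowlist like this can be evaluated, for checking candidate return URLs against a planned property value before deploying it. It assumes exact, case-insensitive hostname matching and absolute http(s) URLs; the function names and the reset URL are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample values; the property value is the one shown above.
RESET_URL = "https://sso.example.com/reset"  # hypothetical password reset URL
PROPERTY_VALUE = "sso.example.com acme.com foobar.com"


def parse_allowed_hostnames(value):
    """Split the white-space separated property value into a set of hostnames."""
    return {name.lower() for name in value.split()}


def hostname_of(url):
    """Return the lowercase hostname of an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # excludes userinfo and port
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.lower()


def returnurl_allowed(returnurl, allowed, reset_url=RESET_URL):
    """True if the returnurl hostname is on the list.

    An empty list models the unset property: only the reset URL's own
    hostname is accepted. A non-empty list is used as-is, so the reset
    hostname must be listed explicitly to stay allowed.
    """
    host = hostname_of(returnurl)
    if host is None:
        return False
    if not allowed:
        return host == hostname_of(reset_url)
    return host in allowed  # assumption: exact match, no subdomain matching


if __name__ == "__main__":
    allowed = parse_allowed_hostnames(PROPERTY_VALUE)
    for url in ("https://acme.com/app", "https://acme.com.other.example/app",
                "https://acme.com@other.example/", "https://www.acme.com/"):
        verdict = "allowed" if returnurl_allowed(url, allowed) else "403"
        print(verdict, url)
```

The comparison is made on the parsed hostname rather than on the raw string, so a listed name appearing as a prefix, suffix or userinfo part of another host does not pass.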