Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This parameter is optional. If omitted the default value is false.

Define allowed hostnames in returnurls

By default only the hostname of password reset url is allowed to be used as the hostname for a returnurl. This behavior can be changed by setting the property returnUrl.allowedHostnames to have a white-space separated list of allowed hostnames in file ubilogin/custom/password-reset/application.properties. Note that when this property is set, then the hostname of the password reset url must be included or it would not be allowed.

Using a disallowed hostname in returnurl causes "HTTP Status 403 – Forbidden" error page to be shown.

Code Block
languagetext
titleubilogin/custom/password-reset/application.properties
returnUrl.allowedHostnames = sso.example.com acme.com anvilcoding.com

Changes to this file require updating tomcat (ubilogin-sso/ubilogin/config/tomcat/update.[sh|cmd]).