Overview

Redirect Demo

Example of Redirect Demo

Source Code

<?pas
// Destination requested by the caller through the ?target= query parameter.
// The value comes straight from the request, so it is validated before use.
var target : String := WebRequest.QueryField['target'];

// SECURITY: redirect only to destinations on this allowlist. An unrestricted
// redirect lets a phishing link start on this domain and end on a hostile site.
// Entries ending in '/' are directories; all other entries are exact paths.
var AllowedRedirects : array of String = [
   '/index.dws', '/doc.dws',
   '/examples/', '/search.dws'
];

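// Returns True only when url is an acceptable local redirect target: either an
// exact entry of AllowedRedirects, or a path underneath one of its directory
// entries (entries ending in '/').
//
// The directory prefix match on its own also accepts targets such as
// '/examples/../other.dws', which resolve outside the listed directory once
// the browser normalises the path. Targets carrying parent-directory segments
// (literal or percent-encoded), backslashes, or tab/CR/LF characters are
// therefore refused before the allowlist is consulted. The filter is
// deliberately strict: any '..' or '%2e' anywhere in the target is rejected.
function IsAllowedRedirect(url: String): Boolean;
begin
   Result := False;

   // Browsers strip tab, CR and LF from a URL before parsing it, so they could
   // hide a '..' segment; CR/LF must also never reach the Location header.
   if StrContains(url, #9) or StrContains(url, #10) or StrContains(url, #13) then Exit;

   // Browsers treat '\' as '/', which would let a target dodge the checks below.
   if StrContains(url, '\') then Exit;

   // Refuse parent-directory segments, including the percent-encoded spelling.
   var lowered := LowerCase(url);
   if StrContains(lowered, '..') or StrContains(lowered, '%2e') then Exit;

   for var allowed in AllowedRedirects do begin
      // Exact match against a listed page.
      if url = allowed then Exit(True);
      // Prefix match applies only to entries that name a directory.
      if StrEndsWith(allowed, '/') and StrBeginsWith(url, allowed) then Exit(True);
   end;
end;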

// Dispatch on the requested target:
//   - no target supplied   -> print a usage hint
//   - target on allowlist  -> issue a 302 redirect to it
//   - anything else        -> answer 400 with a fixed message (the rejected
//                             target is never echoed back to the client)
if target <> '' then begin
   if IsAllowedRedirect(target) then
      WebResponse.SetStatusRedirect(302, target)
   else begin
      WebResponse.StatusCode := 400;
      PrintLn('Redirect target not allowed.');
   end;
end else
   PrintLn('Usage: ?target=/doc.dws');
?>

Result

Usage: ?target=/doc.dws