Menu
I am debugging some code and there is this check (in an ASP.NET MVC controller)
if (Url.IsLocalUrl(returnUrl))
So I check the documentation and it says Returns a value that indicates whether the URL is local.
But what does that mean, 'the URL is local'?
If I hit a webserver, when does the webserver say 'the URL is local' ?
476
Usually, you can access the localhost of any computer through the loopback address 127.0. 0.1. By default, this IP address references a server running on the current device. In other words, when your computer requests the IP address 127.0.
In the ASP.NET MVC blog Preventing Open Redirection Attacks (C#) you can find an explanation of why you should use it, but, as is tradition with MVC's documentation, it's not explained how it works.
You can read that from the source presented there though: it checks whether an URL starts with / or ~/, meaning: whether it is a relative URL which thereby points to the same domain.
78
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
