For security reasons, LabKey Server restricts the host names that can be used in returnUrl parameters. By default, only redirects to the same LabKey instance are allowed. Other server host names must be whitelisted to allow them to be automatically redirected.
For more information on the security concern, please refer to the OWASP advisory
Add allowed hosts based on the server name or IP address, based on how it will be referenced in the returnUrl parameter values.
To add an External Host URL to the whitelist:
- Go to (Admin) > Site > Admin Console.
- Click the Settings tab.
- Under Configuration click External Redirect Hosts.
- In the Host field enter a whitelisted URL and click Save.
- Whitelisted URLs are added to the list under Existing External Redirect Hosts.
- You can directly edit and save existing whitelisted URLs if desired.