This topic is under construction for the 24.11 (November 2024) release. For the previous documentation of this feature, click here.

External Redirect Hosts

For security reasons, LabKey Server restricts the host names that can be used in returnUrl parameters. By default, only redirects to the same LabKey instance are allowed. Other server host names must be specifically granted access to allow them to be automatically redirected.

For more information on the security concern, please refer to the OWASP advisory .

A site administrator can allow hosts based on the server name or IP address, based on how it will be referenced in the returnUrl parameter values.

To add an External Redirect Host URL to the approved list:

  • Go to (Admin) > Site > Admin Console.
  • Under Configuration click External Redirect Hosts.
  • In the Host field enter a approved URL and click Save.
  • URLs already granted access are added to the list under Existing External Redirect Hosts.
  • You can directly edit and save the list of existing redirect URLs if necessary.

External Source Hosts

For security reasons, LabKey Server restricts the hosts that can be used as resource origins. By default, only LabKey sources are allowed, other server URLs must be configured on this page to enable them to be used as script sources. For more information on the security concern, please refer to the OWASP cheat sheet.

Add allowed source URLs or IP address as they will be referenced in script source values. For example: www.myexternalhost.com or 1.2.3.4

Related Topics

Was this content helpful?

Log in or register an account to provide feedback


previousnext
 
expand allcollapse all