Configure Allowable External Redirect URLs

For security reasons, LabKey Server restricts the host names that can be used in returnUrl parameters. By default, only redirects to the same LabKey instance are allowed. Other server host names must be whitelisted to allow them to be automatically redirected.

For more information on the security concern, please refer to the OWASP advisory .

To add an external host URL to the whitelist:

  • Go to > Site > Admin Console.
  • Click Admin Console Links.
  • Under Configuration click External Redirect URLs.
  • In the Host field enter a whitelisted URL and click Save.
  • Whitelisted URLs are added to the list under Existing External Redirect URLs.
  • You can directly edit and save existing whitelisted URLs if desired.

Related Topics


Was this content helpful?

Log in or register an account to provide feedback

expand all collapse all