Affects Version/s: 7.0.X, 7.1.X, Master
Component/s: Application Security
A typo when setting the value of the redirect.url.security.mode property can lead to a situation where there is no redirection protection at all.
- Add the following to your portal-ext.properties
- Go to http://localhost:8080/c/portal/login?redirect=http://www.example.com
- Sign in
User is redirected to example.com
Since the security mode is invalid, the portal should fall back on using IP mode.