  1. ZK
  2. ZK-1721

support redirect with 302 in ZK AU Responses

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Done
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: ZK Update Engine
    • Security Level: Jimmy
    • Labels:
      None

      Description

      A client asked to enable redirect with 302 after AJAX login and not return with 200, as recommended by the security audit company.

      According to OWASP, a redirect should be issued to reload the page after login.
      https://www.owasp.org/index.php/OWASP_Application_Security_FAQ#Is_it_really_required_to_redirect_the_user_to_a_new_page_after_login.3F

      An AuExtension as in the attached example was provided, but the client proposed this could be a default feature in ZK in order to be OWASP compliant.

            People

            Assignee: vincentjian
            Reporter: cor3000