I’m working on a Vue.js application where we need to securely redirect users to a logout URL. This URL is dynamically set through environment variables (process.env.VUE_APP_LOGOUT), which changes based on the environment (e.g., development, staging, production).
logout() {
window.location.href = process.env.VUE_APP_LOGOUT;
}
The Problem
Using a dynamic URL for redirection introduces an Open Redirect vulnerability, which can be exploited in phishing attacks if the URL is not properly validated. I want to ensure that this redirection only points to approved domains and does not expose our application to security risks.
Question
What is the best way to securely handle dynamic URL redirection in Vue.js for logout, without exposing the app to open redirect vulnerabilities? Is it secure to store URLs in an array within the project and validate them from there? Any recommended practices or security-focused solutions would be greatly appreciated!