Hi Michael,
How can we block a call after page=// that starts with http or https
Any external URL after the domain must be blocked
So this must NOT be possible to reach.
https://extravestiging.nl/webshop/?page=//https://ipv4.icanhazip.com/
and another example
https://extravestiging.nl/webshop/?page=//https://www.tinywebgallery.com/blog/forum/recent
Please let us know how to block this linking to external URL's
Kind Regards,
Dave Everaers
Marti Orbak Software
Hi,
To prevent this you can specify key,url pairs. Not sure this is feasible to specify all your urls here.
If you like a custom solution for this please contact me.
Best regards, Michael
Hi Michael,
We want a kind of whitelist.
The url is like:
https://bakkerboer.nl/webshop/?page=/assortiment
What we want to allow is:
?page=/assortiment
?page=/aanbiedingen
?page=/CheckoutShoppingCart
?page=/CheckoutSignOn
?page=/CheckoutOrderDeliveryMethod
?page=/CheckoutPickupLocation
?page=/CheckoutPickupDateTime
?page=/CheckoutPaymentMethod
?page=/CheckoutOrderSummary
?page=/CheckoutPaymentMollieAPI
And maybe more in the future.
With this whitelist we want to prevent to load other sites within the iframe
So this must NOT be possible:
https://bakkerboer.nl/webshop/?page=//https://www.tinywebgallery.com/blog/advanced-iframe
Kind Regards,
Dave Everaers
Hi,
you can configure this already . You can specify key value pairs. If key=value then only this ones are allowed.
Does this solve your problem?
Best regards, Michael
Hi Michael,
Can you send a screenshot where i can configure key=value.
I cannot find it in the settings.
Kind Regards, Dave
