Closed LucasPMorris closed 2 weeks ago
This is working as designed. There are several security concerns with making wild cards behave the way you suggest.
If a customer needs myappurl.com/logout/link1/detail1
to be a valid Logout URL, they need to add myappurl.com/logout/link1/detail*
as an authorized redirect.
I understand this may not be ideal in some cases, but the intended design is that a *
can only account for a single path segment. It cannot account for more than 1 path segment.
Allow wildcard in some redirects to include all path segments
Problem
When specifying a redirect URL (such as the Logout URL) with a wildcard it will not allow additional path segments after the wildcard. For example:
Specific URL: myappurl.com/logout/*
The following URL's will work:
These URL's will not work:
Solution
Allow additional segments after a URL wildcard to be allowed also.