Torii Vulnerability Disclosure
Cory Forsyth

Hi, I’m using google oauth2 and facebook oauth2. I want to use the new redirect page, but I have discovered a potential problem. It seems the default redirect URL is, as you said, CURRENT_URL/torii/redirect.html

If you are inside a route, for example , or , the redirect URL will be , which will fail, as it does not exist. Shouldn’t it be WEBSITE_ROOT/torii/redirect.html ? Thanks.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.