This project is read-only.

Error with custom route when user isn't logged in

Topics: Customizing Orchard
Feb 2, 2015 at 6:30 PM
Edited Feb 2, 2015 at 7:20 PM
Was having a problem with a custom route but got that fixed.
Feb 2, 2015 at 6:48 PM
Edited Feb 2, 2015 at 7:23 PM
I have a custom route that external links get sent to with the actual link being passed in the query string. The problem is as follows:

I still need to find a way of ensuring this is secure as anyone will be able to change the query string in the url and the user will be directed there thinking it's from our site. I have implemented a whitelist in which an admin can specify which urls are valid and any other urls will be treated as invalid and the user will not be directed to the url. Will this work to ensure security or is there a better method for handling this? Thank you.