/utils/redirect

The redirect utility module exports a function to set a cookie with a redirect location in the response header.

Methods

(inner) setRedirect(req, res)

Validates, sanitizes, and stores a redirect URL in a secure cookie.

This function prevents open redirect and cookie injection vulnerabilities by:

  • Removing dangerous characters (;, \r, \n) that could enable header/cookie injection
  • Enforcing relative URLs only (must start with /) to prevent external redirects
  • Encoding the URL for safe cookie storage
  • Setting appropriate cookie security flags (HttpOnly)

The redirect URL is extracted from the request URL, validated, and stored in a cookie with a 60-second TTL for use after authentication flows.

Parameters:
Name  Type  Description
req   req   HTTP request object
res   res   HTTP response object

Properties
Name           Type      Description
req.url        string    Request URL containing the redirect path
res.setHeader  function  Set response header function
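
Example

The validation steps listed for setRedirect, sketched as an added example; this is not the module's own source. It assumes req.url is itself the path to return to. The cookie name, the "/" fallback, the Path attribute and the extra rejection of "//", "/\" and control characters are assumptions that go beyond what this page states.

```javascript
// Added example, not the project's code.
const COOKIE_NAME = 'redirect'; // assumption: the page does not name the cookie
const FALLBACK = '/';           // assumption: value used when the input is rejected

function sanitizeRedirect(rawUrl) {
  if (typeof rawUrl !== 'string') return FALLBACK;

  // Remove the characters the page lists: ';' would end the cookie value
  // and start a new attribute, CR/LF would split the Set-Cookie header.
  const cleaned = rawUrl.replace(/[;\r\n]/g, '');

  // Validate only after stripping, so '/;/host' (now '//host') is still caught.
  // Relative URLs only: the value must start with '/'.
  if (!cleaned.startsWith('/')) return FALLBACK;

  // Assumption beyond the page: browsers resolve '//host' and '/\host' as
  // external, and drop tabs inside URLs, so these are rejected as well.
  if (cleaned.startsWith('//') || cleaned.startsWith('/\\')) return FALLBACK;
  if (/[\x00-\x1f\x7f]/.test(cleaned)) return FALLBACK;

  return cleaned;
}

function buildRedirectCookie(rawUrl) {
  // Encode for cookie storage; the reader must decode and re-validate
  // before using the value in a Location header.
  const value = encodeURIComponent(sanitizeRedirect(rawUrl));
  // Max-Age=60 is the 60-second TTL; Path=/ is an assumption.
  return `${COOKIE_NAME}=${value}; Max-Age=60; Path=/; HttpOnly`;
}

function setRedirect(req, res) {
  res.setHeader('Set-Cookie', buildRedirectCookie(req.url));
}
```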