Commit 87cfcf7

Merge pull request #4945 from Sachin-Mamoru/regex-vul
Added the recommended regex pattern to the docs
2 parents b52e6e9 + f041da9 commit 87cfcf7

4 files changed

+12
-0
lines changed

en/identity-server/5.10.0/docs/administer/product-level-security-guidelines.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -355,6 +355,9 @@ When configuring intermediate certificate validation for REST APIs, it is recomm
355355
356356
For the scenarios listed below, you can define a regular expression to validate the callback URL. The default configuration allows any callback URL. Note that if you are using these scenarios, it is highly recommended to define the regular expression that validates and only allows access to specific callback URLs.
357357
358+
!!! note
359+
The recommended **callback URL regex** to use when testing the product is `^https:\/\/localhost:9443\/.*`. However, users should modify it to meet their requirements when they deploy the product. You can find the specific instructions through following sections.
360+
358361
- [Password Recovery](../../learn/password-recovery)
359362
- [Username Recovery](../../learn/username-recovery)
360363
- [Self User Registration](../../learn/self-registration-and-account-confirmation/#configuring-self-registration)
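
Review bot: The added note tells users to "modify it to meet their requirements" but does not say which parts of `^https:\/\/localhost:9443\/.*` must survive that modification. In a security guideline it is worth one more sentence: keep the `^` anchor, the `https` scheme, and the full host and port followed by `\/`, and escape the dots in a real hostname, so that the edited pattern still restricts callbacks to the intended origin. A second example with a placeholder production host would make this concrete.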

en/identity-server/5.11.0/docs/administer/product-level-security-guidelines.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -199,6 +199,9 @@ By default, XSS attacks are prevented in the latest WSO2 Identity Server version
199199

200200
For the scenarios listed below, you can define a regular expression to validate the callback URL. The default configuration allows any callback URL. Note that if you are using these scenarios, it is highly recommended to define the regular expression that validates and only allows access to specific callback URLs.
201201

202+
!!! note
203+
The recommended **callback URL regex** to use when testing the product is `^https:\/\/localhost:9443\/.*`. However, users should modify it to meet their requirements when they deploy the product. You can find the specific instructions through following sections.
204+
202205
- [Password Recovery](../../learn/password-recovery)
203206
- [Username Recovery](../../learn/username-recovery)
204207
- [Self User Registration](../../learn/self-registration-and-account-confirmation/#configuring-self-registration)
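
Review bot: Wording in the last sentence of the added note: "You can find the specific instructions through following sections" is ungrammatical, and the items that follow are links to other pages rather than sections of this one. Suggest "You can find the specific instructions on the pages linked below." The same sentence could also drop "users" in "users should modify it" and address the reader directly, matching the "you can define" phrasing of the paragraph above.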

en/identity-server/6.0.0/docs/deploy/security/product-level-security-guidelines.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -360,6 +360,9 @@ Follow the steps below to change the default credentials.
360360
361361
For the scenarios listed below, you can define a regular expression to validate the callback URL. The default configuration allows any callback URL. Note that if you are using these scenarios, it is highly recommended to define the regular expression that validates and only allows access to specific callback URLs.
362362
363+
!!! note
364+
The recommended **callback URL regex** to use when testing the product is `^https:\/\/localhost:9443\/.*`. However, users should modify it to meet their requirements when they deploy the product. You can find the specific instructions through following sections.
365+
363366
- [Password Recovery](../../../guides/password-mgt/recover-password/#enable-password-recovery-via-email)
364367
- [Username Recovery](../../../guides/identity-lifecycles/recover-username/#enable-username-recovery)
365368
- [Self User Registration](../../../guides/identity-lifecycles/self-registration-workflow/)
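
Review bot: The note is inserted between the paragraph that says "For the scenarios listed below" and the list it introduces, so the list no longer follows its lead-in. Consider placing the `!!! note` block after the three bullet items, or above the "For the scenarios listed below" paragraph, so that the sentence and its list stay together. Please also confirm the note body is indented under `!!! note` in the source file, since the admonition will not render otherwise.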

en/identity-server/6.1.0/docs/deploy/security/product-level-security-guidelines.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -360,6 +360,9 @@ Follow the steps below to change the default credentials.
360360
361361
For the scenarios listed below, you can define a regular expression to validate the callback URL. The default configuration allows any callback URL. Note that if you are using these scenarios, it is highly recommended to define the regular expression that validates and only allows access to specific callback URLs.
362362
363+
!!! note
364+
The recommended **callback URL regex** to use when testing the product is `^https:\/\/localhost:9443\/.*`. However, users should modify it to meet their requirements when they deploy the product. You can find the specific instructions through following sections.
365+
363366
- [Password Recovery](../../../guides/password-mgt/recover-password/#enable-password-recovery-via-email)
364367
- [Username Recovery](../../../guides/identity-lifecycles/recover-username/#enable-username-recovery)
365368
- [Self User Registration](../../../guides/identity-lifecycles/self-registration-workflow/)
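
Review bot: The note gives the pattern `^https:\/\/localhost:9443\/.*` but not where it is entered, and the `\/` escapes may need different quoting depending on whether the value goes into a configuration file or a console field. Suggest naming the configuration key or field in the note itself, or linking to the exact anchor that shows it, instead of the general "following sections". Since this is a testing value sitting in a page that says the default "allows any callback URL", it would also help to state in the note that it is intended for local testing only.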
