Module Redirect

Redirect handling and cross-origin security utilities

This module provides shared functions for handling HTTP redirects safely, including cross-origin detection and sensitive header stripping.

val src : Logs.src

Logs source for this module

Cross-Origin Detection

val same_origin : Uri.t -> Uri.t -> bool

same_origin uri1 uri2 returns true if both URIs have the same origin. Same origin means same host with same scheme, or http->https upgrade. Used to determine if sensitive headers should be preserved during redirects.

Sensitive Header Protection

val strip_sensitive_headers : Headers.t -> Headers.t

strip_sensitive_headers headers removes sensitive headers that should not be sent to cross-origin destinations:

  • Authorization
  • Cookie
  • Proxy-Authorization
  • WWW-Authenticate

Redirect URL Validation

val allowed_schemes : string list

List of allowed URL schemes for redirects: "http"; "https"

val validate_url : string -> Uri.t

validate_url location validates that the redirect URL uses an allowed scheme.