
Adding localhost to Hosted UI -> callback URLs for testing. Security risks?

0

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only. In my development environment, which is also used for early user testing to get feedback, I am using http://localhost as well as the development domain. I am using Google authentication through Cognito. My question is: is there a security risk in having localhost as a callback URL that could give an attacker some ability to pose any risk to my development environment? If so, what is the best way to address this?

asked 2 years ago, 1.4K views
1 Answer
1

Hello.

Although it's not Cognito, there was something like the URL below that explains the security risks of using localhost as the callback URL.
https://community.auth0.com/t/security-risks-of-using-localhost-for-callback-url/118781

EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
  • Thank you, but I am looking for an answer specifically in the context of AWS Cognito and how to address any risks in this context. I would appreciate answers from people with knowledge in this area, please.
