SupportPal Documentation

Adding Trusted Redirect Hosts

In order to prevent unvalidated redirect requests when logging in to SupportPal, a trusted hosts file is used to determine whether to permit redirect requests. By default only the host that you're logging in to is permitted. It is possible to add additional hosts to the trust list, by creating the below configuration file.

Configuration

Create a new file /config/production/intended.php:

config/production/intended.php
    <?php

    return [

        /*
         * Allow users (and operators) to be redirected to the below
         * permitted hosts after successfully logging in.
         *
         * By default, the current request URI is always permitted.
         *
         * The "*" character is syntactic sugar to trust any host.
         * Usage:
         *      'hosts' => '*',
         */
        'hosts' => [
            'google.com',
        ],

    ];

In above example, we tell SupportPal to permit login redirect requests to google.com. Multiple hosts can be specified, using a comma delimited list: 'google.com', 'google.co.uk', 'supportpal.com'

While we do not recommend to do this, it is also possible to permit any redirect request:

config/production/intended.php
    <?php

    return [

        'proxies' => '*',

    ];