Handling issues where backend returns URL links
preetkaran20 opened this issue
Issue:
VulnerableApp-Facade calls the underlying applications based on the criteria defined in nginx-conf. However, if an application returns a URI inside the response that might not have those criteria, then calls to that URI will break.
An example is:
location /XYZ {
    proxy_pass http://<something>:9090/PQR;
}
Here, if the backend returns any URI, that URL will be /PQR, but the backend should return /XYZ for the facade use case.
Solution:
Not sure how we can handle such use cases. Need to think more on this.
Because the backend vulnerable application is unaware of the caller, how can the backend add the identifier? Either we should send a special header from the UI telling whether the caller is the facade or not, such that the backend can work appropriately.
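
A sketch of how the header idea raised in the issue could work on the backend side, as an added example that is not part of the original issue or the project's code. It assumes the facade's prefix arrives in an `X-Forwarded-Prefix` header (a name chosen here, not taken from the issue) and that the backend only honours values on an allowlist, so a caller-supplied header cannot steer the links the backend generates; `externalize` and `public_prefix` are hypothetical helper names.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumption: header name carrying the facade's public prefix.
PREFIX_HEADER = "x-forwarded-prefix"
# Only these prefixes are accepted; any other header value is ignored.
ALLOWED_PREFIXES = {"/XYZ"}
# Path the backend is actually served under (from the nginx example above).
BACKEND_PREFIX = "/PQR"


def public_prefix(headers):
    """Return the facade prefix if the header is present and allowlisted."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    value = lowered.get(PREFIX_HEADER, "").rstrip("/")
    return value if value in ALLOWED_PREFIXES else None


def externalize(uri, headers):
    """Rewrite a backend-generated URI so it resolves through the facade."""
    prefix = public_prefix(headers)
    if prefix is None:
        return uri  # direct caller, or a header value that is not allowlisted
    parts = urlsplit(uri)
    if parts.scheme or parts.netloc:
        return uri  # absolute or protocol-relative URL: not ours to rewrite
    path = parts.path
    # Match on a path-segment boundary so /PQRS is not mistaken for /PQR.
    if path == BACKEND_PREFIX or path.startswith(BACKEND_PREFIX + "/"):
        path = prefix + path[len(BACKEND_PREFIX):]
    return urlunsplit(("", "", path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample requests: one through the facade, one direct.
    via_facade = {"X-Forwarded-Prefix": "/XYZ"}
    print(externalize("/PQR/images/a.png?x=1", via_facade))
    print(externalize("/PQR/images/a.png?x=1", {}))
```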