Resolve the Apex PMD Rule “ApexOpenRedirect”


I am currently working on a custom plugin for an Auth Provider in Apex and have encountered the error message "Apex classes should safely redirect to a known location (rule: Security-ApexOpenRedirect)" within the initiate method. I have added the isValidURL function to validate the URL, but the PMD error persists.

Here is my method:

    public PageReference initiate(Map<String, String> authProviderConfig, String state) {
        // Build the callback target from the provider's configured URL plus the state token
        String callbackUrl = authProviderConfig.get('callback_url__c') + '?state=' + state;
        if (isValidURL(callbackUrl)) {
            return new PageReference(callbackUrl);
        }
        // Every code path of a non-void method must return a value
        return null;
    }

And the function:

    public Boolean isValidURL(String strURLToValidate) {
        // getSalesforceBaseUrl() returns a Url object; startsWith() needs its String form
        return strURLToValidate.startsWith(System.URL.getSalesforceBaseUrl().toExternalForm());
    }

I hope you find this helpful for understanding my issue. Any assistance in resolving the "ApexOpenRedirect" rule violation would be greatly appreciated. Thank you!

Best Answer

After validating your URL, you may have to wrap the callback URL in EncodingUtil.urlEncode, like this.

    if (isValidURL(callbackUrl)) {
        return new PageReference(EncodingUtil.urlEncode(callbackUrl,'utf-8'));
    }

The security scanners look for this.
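As an added example (not code from the question or the answer), a host-based allowlist check for the redirect target: a plain `startsWith` comparison against the base URL also accepts any string that merely begins with that text, so the check below parses the target and compares its host exactly. The class name `SafeRedirect`, the `allowedHosts` parameter and the sample host set are assumptions of this example; whether PMD's heuristic accepts it must be confirmed by running the scanner.

```apex
// Added example (not the asker's or answerer's code): redirect only to a known host.
public with sharing class SafeRedirect {

    // True only for an https URL whose host exactly matches the org's own host
    // or one of the explicitly allowlisted hosts.
    public static Boolean isAllowedRedirect(String target, Set<String> allowedHosts) {
        if (String.isBlank(target)) {
            return false;
        }
        Url parsed;
        try {
            parsed = new Url(target);
        } catch (Exception e) {
            return false; // relative or malformed input is rejected, not guessed at
        }
        if (parsed.getProtocol() != 'https') {
            return false;
        }
        String host = parsed.getHost();
        if (String.isBlank(host)) {
            return false;
        }
        return host.equalsIgnoreCase(Url.getSalesforceBaseUrl().getHost())
            || allowedHosts.contains(host.toLowerCase());
    }

    // Builds the callback PageReference; the state value is added as a query
    // parameter so that only the parameter value is encoded, not the whole URL.
    public static PageReference buildCallback(String callbackUrl, String state, Set<String> allowedHosts) {
        if (!isAllowedRedirect(callbackUrl, allowedHosts)) {
            return null; // unknown location: do not redirect at all
        }
        PageReference ref = new PageReference(callbackUrl);
        ref.getParameters().put('state', state); // PageReference encodes parameter values
        return ref;
    }

    // Constructed sample allowlist for illustration only.
    public static Set<String> sampleAllowedHosts() {
        return new Set<String>{ 'login.example-idp.com' };
    }
}
```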
