How to get started
To address this risk, the SAM functionality will now only allow redirections to trusted sites that are whitelisted in the backend point of sales configuration. This list can be found on the "Gravity" tab, as shown on the right. Note that this security risk only applies to customers using the redirectTo parameter in the email campaign link to redirect customers to a website other than the ticketshop.
The list consists of a single domain per line. To allow a SAM redirection to an external site (different from the point of sales), the domain of the site must appear in this list. Access is also authorized for subdomains of those listed here.
If left empty, redirections will only be allowed to the domain of this point of sale (including subdomains).
For example, to authorize redirections to https://secutix.com, the list must include secutix.com. Any subdomain of a whitelisted domain, such as subdomain.secutix.com, will also be authorized.
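The matching rules above (one domain per line, subdomains included, empty list falls back to the point of sale's domain) can be checked as in the following added example. It is not SecuTix code; the function names and sample values are constructed, and it assumes the point of sale's own domain stays allowed when the list is not empty.

```python
from urllib.parse import urlsplit

# Constructed sample values; SAMPLE_POS_DOMAIN stands in for the point of sale's own domain.
SAMPLE_LIST = "secutix.com\n"
SAMPLE_POS_DOMAIN = "shop.example.org"


def parse_allowlist(text):
    """One domain per line, as in the configuration field; blank lines are ignored."""
    return [ln.strip().lower().rstrip(".") for ln in text.splitlines() if ln.strip()]


def host_matches(host, domain):
    # Exact match or true subdomain. Requiring the "." boundary keeps
    # "notsecutix.com" from matching "secutix.com".
    return host == domain or host.endswith("." + domain)


def is_redirect_allowed(redirect_to, allowlist_text, pos_domain):
    """Return True if the redirectTo target is on the list or on the point of sale's domain."""
    # Backslashes, whitespace and control characters are parsed differently by
    # browsers and by urlsplit, so refuse them instead of guessing the host.
    if any(c == "\\" or ord(c) <= 0x20 or ord(c) == 0x7F for c in redirect_to):
        return False
    try:
        parts = urlsplit(redirect_to)
    except ValueError:  # e.g. malformed bracketed host
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops any "user@" prefix and the port, leaving the real host.
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False
    # Assumption: the point of sale's own domain is always allowed, so an
    # empty list leaves it as the only permitted target.
    domains = parse_allowlist(allowlist_text) + [pos_domain.lower()]
    return any(host_matches(host, d) for d in domains)
```

The comparison is made on the parsed host name, never on the raw URL string, so a listed domain appearing in the userinfo, path or as a prefix of a longer host does not pass.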