Security
Allowed redirect URIs
To ensure that the redirect-uri
parameter only allows open redirects to known destinations, a domain allowlist can be configured per template, or globally in the Domain Manager page within the Persona Dashboard.
Once you add one or more domains, the Inquiry flow will disallow redirects to destinations not matching those domains.
When specifying domains, only provide the domain. Do not provide a URI scheme (e.g. https://
).
Updated about 1 month ago