Commit 748c40e

docs: add deprecation note for 'back' redirect in res-redirect.md and res-location.md v4 (#1835)
1 parent c07e0bb commit 748c40e

4 files changed

+4
-13
lines changed

_includes/api/en/4x/res-location.md

+2
@@ -8,6 +8,8 @@ res.location('http://example.com')
88
res.location('back')
99
```
1010

11+
{% include admonitions/note.html content="`'back'` was deprecated in 4.21.0, use `req.get('Referrer') || '/'` as an argument instead." %}
12+
1113
A `path` value of "back" has a special meaning, it refers to the URL specified in the `Referer` header of the request. If the `Referer` header was not specified, it refers to "/".
1214

1315
See also [Security best practices: Prevent open redirect
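
Review bot: The added note recommends `req.get('Referrer') || '/'` as the argument, which places a request-supplied header value in `Location`, but the note does not say so; the only hint is the "Prevent open redirect" link further down. Suggest extending the note to state that the value comes from the client and should be checked against expected destinations before use, and linking to that section from the note itself. The unchanged paragraph after the note still describes "back" in the present tense with no mention of the deprecation, and it spells the header `Referer` while the note uses `Referrer`; both are worth aligning in this change.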

_includes/api/en/4x/res-redirect.md

+2
@@ -52,5 +52,7 @@ defaulting to `/` when the referer is missing.
5252
res.redirect('back')
5353
```
5454

55+
{% include admonitions/note.html content="`back` redirect was deprecated in 4.21.0, use `req.get('Referrer') || '/'` as an argument instead." %}
56+
5557
See also [Security best practices: Prevent open redirect
5658
vulnerabilities](http://expressjs.com/en/advanced/best-practice-security.html#prevent-open-redirects).
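
Review bot: The note wording here ("`back` redirect was deprecated") differs from the one added to res-location.md in this commit ("`'back'` was deprecated"); use the same quoting and phrasing in both files. The code block directly above still shows `res.redirect('back')` as the only example, so consider adding the replacement call beside it, for instance `res.redirect(req.get('Referrer') || '/')`, so readers see the full form rather than only the argument.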

_includes/api/en/5x/res-location.md

-6
@@ -5,14 +5,8 @@ Sets the response `Location` HTTP header to the specified `path` parameter.
55
```js
66
res.location('/foo/bar')
77
res.location('http://example.com')
8-
res.location('back')
98
```
109

11-
A `path` value of "back" has a special meaning, it refers to the URL specified in the `Referer` header of the request. If the `Referer` header was not specified, it refers to "/".
12-
13-
See also [Security best practices: Prevent open redirect
14-
vulnerabilities](http://expressjs.com/en/advanced/best-practice-security.html#prevent-open-redirects).
15-
1610
<div class='doc-box doc-warn' markdown="1">
1711
After encoding the URL, if not encoded already, Express passes the specified URL to the browser in the `Location` header,
1812
without any validation.
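
Review bot: The removal at old lines 13-14 also drops the "See also Security best practices: Prevent open redirect vulnerabilities" link, which is not specific to `'back'`. The warning box that follows states that Express passes the URL to the browser without any validation, so the link is still relevant here; suggest keeping it after the code block.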

_includes/api/en/5x/res-redirect.md

-7
@@ -45,12 +45,5 @@ Path-relative redirects are also possible. If you were on
4545
res.redirect('..')
4646
```
4747

48-
A `back` redirection redirects the request back to the [referer](http://en.wikipedia.org/wiki/HTTP_referer),
49-
defaulting to `/` when the referer is missing.
50-
51-
```js
52-
res.redirect('back')
53-
```
54-
5548
See also [Security best practices: Prevent open redirect
5649
vulnerabilities](http://expressjs.com/en/advanced/best-practice-security.html#prevent-open-redirects).
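
Review bot: The `back` description and its example at old lines 48-53 are removed with nothing in their place, so a reader coming from 4.x finds no pointer to the replacement. Suggest a one-line note here that `'back'` is no longer documented for 5.x and that `req.get('Referrer') || '/'` can be passed instead, matching the 4x note added in this commit.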
