Yetzederixx - Validate Return or Refresh URL | Stripe Developers | Page 1

cold heart Feb 16, 2022, 7:09 PM

#

spark spindle Feb 16, 2022, 7:10 PM

#

This in particular is for express account onboarding

cold heart Feb 16, 2022, 7:18 PM

#

Hi 👋

neat nymph Feb 16, 2022, 7:30 PM

#

Hey there 👋 I believe there is (to an extent) bear with me a moment while I try to find the documentation that talks about it

spark spindle Feb 16, 2022, 7:31 PM

#

It doesn't have to be super duper secure, just something to ease my paranoia of open endpoints

neat nymph Feb 16, 2022, 7:36 PM

#

Ah, the initial approach I was thinking of was for the older onboarding flow. While not foolproof, you can check the referrer header that is provided on the request. When I tested coming from the Express onboarding flow just now, that header had a value of https://connect.stripe.com/

spark spindle Feb 16, 2022, 7:41 PM

#

Cool, thanks

neat nymph Feb 16, 2022, 7:42 PM

#

You can also append unique query params to the end of your return URL and ignore requests that don't have those params or invalid values for them.

spark spindle Feb 16, 2022, 7:59 PM

#

True, I'm already doing that so I can do some callback shenanigans, thanks again for your help.

#Yetzederixx - Validate Return or Refresh URL