Route forwards POST data across API redirections

Docs > Plateforme de sécurité Datadog > OOTB Rules > Route forwards POST data across API redirections

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

An API endpoint forwards POST data across redirections from external APIs. When an application follows an HTTP redirect and resends the original POST body to the new destination, sensitive data such as credentials, tokens, or personally identifiable information may be unintentionally leaked to an untrusted third party. This behavior may happen when the server returns a 307 or 308 status code.

Rationale

This finding works by identifying an API route that accepts 307 or 308 redirections from a third party API call.

Remediation

Configure HTTP clients to not forward POST bodies across redirections
Implement explicit redirect handling that validates the target and strips sensitive data before following
Ensure that sensitive data is only sent to explicitly trusted endpoints

References

Reference	Description
OWASP API10:2023 - Unsafe Consumption of APIs	OWASP API Security guidance on safely consuming third-party APIs.

Route forwards POST data across API redirections

Description

Rationale

Remediation

References

How can I help you today?