Spell correction (#8113)

pull/8120/head
Mark Anthony 2018-08-16 22:00:29 +08:00 committed by Scott Addie
parent 96c2278e8d
commit 09d6ccf2b1
1 changed files with 1 additions and 1 deletions

@ -14,7 +14,7 @@ Whenever your application logic redirects to a specified URL, you must verify th
## What is an open redirect attack?
Web applications frequently redirect users to a login page when they access resources that require authentication. The redirection typlically includes a `returnUrl` querystring parameter so that the user can be returned to the originally requested URL after they have successfully logged in. After the user authenticates, they're redirected to the URL they had originally requested.
Web applications frequently redirect users to a login page when they access resources that require authentication. The redirection typically includes a `returnUrl` querystring parameter so that the user can be returned to the originally requested URL after they have successfully logged in. After the user authenticates, they're redirected to the URL they had originally requested.
Because the destination URL is specified in the querystring of the request, a malicious user could tamper with the querystring. A tampered querystring could allow the site to redirect the user to an external, malicious site. This technique is called an open redirect (or redirection) attack.
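
Review bot: The corrected `returnUrl` sentence is immediately followed by "After the user authenticates, they're redirected to the URL they had originally requested.", which repeats what the sentence already says ("so that the user can be returned to the originally requested URL after they have successfully logged in"). Since this line is being touched anyway, consider dropping the second sentence or merging the two. A smaller style point in the same paragraph and the one after it: "querystring" is written as one word in every occurrence; if the docs style guide prefers "query string", this would be the place to align it.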