Secure Redirect

Open Redirect is dangerous because it accepts GET request. If we restrict GET Open Redirect to a trusted origin, it is safe :)

<?php
$trusted_origin = "https://test.shhnjk.com/";
if(isset($_POST["to"])){
header("Location: ".$_POST["to"]);
}elseif(isset($_GET["to"]) && substr_compare($_GET["to"], $trusted_origin, 0, strlen($trusted_origin)) === 0){
header("Location: ".$_GET["to"]);
}
?>