Why all of your server-side redirects are insecure

For themselves, not for others.

Any ‘run javascript’ action in the front-end is manipulateable. They could edit the script itself, or just the results.

A server script initiated on the front-end can also be modified (the content in ‘Node script’ is client-side and can be modified by the user).

You could do that, just make sure you don’t run into this issue re. backend workflows at the same time :slight_smile: