verify redirects are safe before redirecting

2026-03-11 21:26:37 +00:00 · 2025-01-09 23:21:57 -05:00
parent a556339b76
commit 6c813186b8
18 changed files with 99 additions and 45 deletions
--- a/src/app/auth/resource/[resourceId]/page.tsx
+++ b/src/app/auth/resource/[resourceId]/page.tsx
@@ -55,7 +55,17 @@ export default async function ResourceAuthPage(props: {
        );
    }

-    const redirectUrl = searchParams.redirect || authInfo.url;
+    let redirectUrl = authInfo.url;
+    // if (searchParams.redirect) {
+    //     try {
+    //         const serverResourceHost = new URL(authInfo.url).host;
+    //         const redirectHost = new URL(searchParams.redirect).host;
+    //
+    //         if (serverResourceHost === redirectHost) {
+    //             redirectUrl = searchParams.redirect;
+    //         }
+    //     } catch (e) {}
+    // }

    const hasAuth =
        authInfo.password ||