pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-07 11:16:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

verify redirects are safe before redirecting

Browse Source
This commit is contained in:
Milo Schwartz
2025-01-09 23:21:57 -05:00
parent a556339b76
commit 6c813186b8
18 changed files with 99 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/app/page.tsx
View File

@@ -11,6 +11,7 @@ import { redirect } from "next/navigation";
import { cache } from "react";
import OrganizationLanding from "./components/OrganizationLanding";
import { pullEnv } from "@app/lib/pullEnv";
import { cleanRedirect } from "@app/lib/cleanRedirect";
export const dynamic = "force-dynamic";
@@ -29,7 +30,8 @@ export default async function Page(props: {
if (!user) {
if (params.redirect) {
redirect(`/auth/login?redirect=${params.redirect}`);
const safe = cleanRedirect(params.redirect);
redirect(`/auth/login?redirect=${safe}`);
} else {
redirect(`/auth/login`);
}
@@ -40,7 +42,8 @@ export default async function Page(props: {
env.flags.emailVerificationRequired
) {
if (params.redirect) {
redirect(`/auth/verify-email?redirect=${params.redirect}`);
const safe = cleanRedirect(params.redirect);
redirect(`/auth/verify-email?redirect=${safe}`);
} else {
redirect(`/auth/verify-email`);
}