// It ensures that a redirection URL is safe when it is accepted through query params or other means where the user can change it.
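/**
 * Returns `url` unchanged when its origin is one of the application's own
 * origins, otherwise the application's home page — so a redirect target that
 * came from a query parameter (or anything else the user controls) cannot send
 * the browser to a third-party site.
 *
 * @param {string} [url=""] - Absolute redirect target supplied by the caller.
 * @returns {string | null} `null` for an empty `url`; otherwise a URL whose
 *   origin is on the allow-list, or the web-app root as a safe fallback.
 * @throws {Error} When `url` is not an absolute http(s) URL. Relative paths,
 *   protocol-relative `//host` strings and other schemes are rejected outright
 *   because a browser may still resolve them to a different domain.
 * @throws {TypeError} When `url` starts with http(s):// but the WHATWG `URL`
 *   constructor cannot parse it.
 */
export const getSafeRedirectUrl = (url = "") => {
  if (!url) {
    return null;
  }

  // Only absolute http(s) URLs are accepted. The scheme match is
  // case-insensitive because `URL` normalises the scheme to lower case and the
  // origin comparison below is what actually decides whether the target is safe.
  if (!/^https?:\/\//i.test(url)) {
    throw new Error("Pass an absolute URL");
  }

  const target = new URL(url);

  // NOTE(review): on this page the allow-list entries appear as plain string
  // literals; they read as placeholders for the deployment's configured base
  // URLs — confirm against the constants module. An entry the `URL` constructor
  // cannot parse is dropped instead of thrown: that is fail-closed, since fewer
  // allowed origins can only send more redirects to the fallback below.
  const parseOrigin = (base) => {
    try {
      return new URL(base).origin;
    } catch (err) {
      // err is intentionally unused; an unparseable entry simply vouches for nothing.
      return null;
    }
  };
  const allowedOrigins = ["CONSOLE_URL", "WEBAPP_URL", "WEBSITE_URL"]
    .map(parseOrigin)
    .filter((origin) => origin !== null);

  // Open-redirect guard: compare full origins (scheme + host + port) rather than
  // hostnames, so an https allow-list entry does not vouch for its http twin and
  // userinfo forms (`user@host`) are judged by the real host.
  if (!allowedOrigins.includes(target.origin)) {
    return `${"WEBAPP_URL"}/`;
  }

  return url;
};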