CodeCow/stack
1
0
Fork 0
mirror of https://github.com/stack-auth/stack.git synced 2026-06-13 21:01:21 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fix STACK-BACKEND-63

Browse Source
This commit is contained in:
Konstantin Wohlwend 2025-01-13 10:51:56 -08:00
parent b7d4277510
commit 4e03a16f4b
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
apps/backend/src/lib/redirect-urls.tsx
View File

@ -1,13 +1,21 @@
import { isLocalhost } from "@stackframe/stack-shared/dist/utils/urls";
import { StackAssertionError, captureError } from "@stackframe/stack-shared/dist/utils/errors";
import { createUrlIfValid, isLocalhost } from "@stackframe/stack-shared/dist/utils/urls";
export function validateRedirectUrl(urlOrString: string | URL, domains: { domain: string, handler_path: string }[], allowLocalhost: boolean): boolean {
const url = new URL(urlOrString);
const url = createUrlIfValid(urlOrString);
if (!url) return false;
if (allowLocalhost && isLocalhost(url)) {
return true;
}
return domains.some((domain) => {
const testUrl = url;
const baseUrl = new URL(domain.domain);
const baseUrl = createUrlIfValid(domain.domain);
if (!baseUrl) {
captureError("invalid-redirect-domain", new StackAssertionError("Invalid redirect domain; maybe this should be fixed in the database", {
domain: domain.domain,
}));
return false;
}
const sameOrigin = baseUrl.protocol === testUrl.protocol && baseUrl.hostname === testUrl.hostname;
const isSubPath = testUrl.pathname.startsWith(baseUrl.pathname);