mirror of
https://github.com/agent0ai/agent-zero.git
synced 2026-07-09 17:08:29 +00:00
feat(login): Implement secure post-login redirection
Return users to their original requested page after login, with robust same-origin validation to prevent open redirects. Co-Author Agent Hero <agent-hero@neurocis.ai>
This commit is contained in:
parent
d871b2e0d7
commit
6609632bf6
5 changed files with 109 additions and 10 deletions
|
|
@ -266,10 +266,20 @@ function _normalizeApiUrl(url) {
|
|||
}
|
||||
|
||||
function redirect(response) {
|
||||
if (!(response.redirected && response.url.endsWith("/login"))) return false;
|
||||
if (!response.redirected) return false;
|
||||
|
||||
const _redirectUrl = new URL(response.url);
|
||||
if (_redirectUrl.origin === window.location.origin) {
|
||||
window.location.href = response.url;
|
||||
if (
|
||||
_redirectUrl.origin === window.location.origin &&
|
||||
_redirectUrl.pathname === "/login"
|
||||
) {
|
||||
const currentUrl = `${window.location.pathname}${window.location.search}${window.location.hash}`;
|
||||
if (currentUrl && currentUrl !== "/login") {
|
||||
_redirectUrl.searchParams.set("next", currentUrl);
|
||||
}
|
||||
window.location.href = _redirectUrl.toString();
|
||||
return true;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue