adjust

src/server/routes/login-passport.js

@@ -32,12 +32,12 @@ module.exports = function(crowi, app) {
         if (redirectUrl.hostname === req.hostname) {
           return res.redirect(redirectUrl);
         }
-        return res.redirect('/');
       }
       catch (e) {
         return res.redirect('/');
       }
     }
+
     return res.redirect('/');
   };
 

src/server/routes/login.js

@@ -39,8 +39,14 @@ module.exports = function(crowi, app) {
       req.session.jumpTo = null;
 
       // prevention from open redirect
-      if (!jumpTo.match(/^\/\/.+$/)) {
-        return res.redirect(jumpTo);
+      try {
+        const redirectUrl = new URL(jumpTo, `${req.protocol}://${req.get('host')}`);
+        if (redirectUrl.hostname === req.hostname) {
+          return res.redirect(redirectUrl);
+        }
+      }
+      catch (e) {
+        return res.redirect('/');
       }
     }