Home Explore Help
Sign In
wiki
/
weseek__growi
mirror of https://github.com/weseek/growi
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

parse redirect URL

yusuketk 6 years ago
parent
ad251cf006
commit
67b53ad67e
1 changed files with 3 additions and 6 deletions
Unified View Show Diff Stats
  1. 3 6
      src/server/routes/login-passport.js

+ 3 - 6
src/server/routes/login-passport.js
View File 

@@ -27,20 +27,17 @@ module.exports = function(crowi, app) {
 
       req.session.jumpTo = null;
 
       req.session.jumpTo = null;
 
 
 
       // prevention from open redirect
 
       // prevention from open redirect
 
-      if (jumpTo.match(/^\/[^/].+$/)) { // only one '/' in the front of jumpTo
 
-        return res.redirect(jumpTo);
 
-      }
 
       try {
 
       try {
 
-        const redirectUrl = new URL(jumpTo.replace(/^\/+/, ''));
 
+        const redirectUrl = new URL(jumpTo, `${req.protocol}://${req.host}`);
 
         if (redirectUrl.hostname === req.hostname) {
 
         if (redirectUrl.hostname === req.hostname) {
 
           return res.redirect(redirectUrl);
 
           return res.redirect(redirectUrl);
 
         }
 
         }
 
+        return res.redirect('/');
 
       }
 
       }
 
-      catch (err) {
 
+      catch (e) {
 
         return res.redirect('/');
 
         return res.redirect('/');
 
       }
 
       }
 
     }
 
     }
 
-
 
     return res.redirect('/');
 
     return res.redirect('/');
 
   };
 
   };