17 lines
538 B
TypeScript
17 lines
538 B
TypeScript
|
import { WEBAPP_URL, WEBSITE_URL } from "@calcom/lib/constants";
|
||
|
|
||
|
// It ensures that redirection URL safe where it is accepted through a query params or other means where user can change it.
|
||
|
export const getSafeRedirectUrl = (url: string | undefined) => {
|
||
|
url = url || "";
|
||
|
if (url.search(/^https?:\/\//) === -1) {
|
||
|
throw new Error("Pass an absolute URL");
|
||
|
}
|
||
|
|
||
|
// Avoid open redirection security vulnerability
|
||
|
if (!url.startsWith(WEBAPP_URL) && !url.startsWith(WEBSITE_URL)) {
|
||
|
url = `${WEBAPP_URL}/`;
|
||
|
}
|
||
|
|
||
|
return url;
|
||
|
};
|