cal.pub0.org/packages/lib/getSafeRedirectUrl.ts

17 lines
538 B
TypeScript
Raw Normal View History

import { WEBAPP_URL, WEBSITE_URL } from "@calcom/lib/constants";
// It ensures that redirection URL safe where it is accepted through a query params or other means where user can change it.
export const getSafeRedirectUrl = (url: string | undefined) => {
url = url || "";
if (url.search(/^https?:\/\//) === -1) {
throw new Error("Pass an absolute URL");
}
// Avoid open redirection security vulnerability
if (!url.startsWith(WEBAPP_URL) && !url.startsWith(WEBSITE_URL)) {
url = `${WEBAPP_URL}/`;
}
return url;
};