import { CONSOLE_URL, WEBAPP_URL, WEBSITE_URL } from "@calcom/lib/constants";
// Ensures that a redirect URL is safe when it is accepted through a query parameter or any other means by which a user can change it.
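/**
 * Returns a redirect target whose origin is one of CONSOLE_URL, WEBAPP_URL or WEBSITE_URL.
 *
 * @param {string} [url=""] - Absolute http(s) URL, typically taken from a user-controllable source.
 * @returns {string | null} `null` for an empty value; the original `url` string when its origin
 *   matches a trusted origin; otherwise `${WEBAPP_URL}/`.
 * @throws {Error} "Pass an absolute URL" when `url` does not start with `http://` or `https://`.
 */
export const getSafeRedirectUrl = (url = "") => {
  if (!url) {
    return null;
  }

  // The scheme check is case-sensitive and anchored at the first character.
  if (url.search(/^https?:\/\//) === -1) {
    throw new Error("Pass an absolute URL");
  }

  const fallbackUrl = `${WEBAPP_URL}/`;

  // `new URL()` throws a TypeError on strings it cannot parse (e.g. "http://").
  // An unparseable target is treated as untrusted rather than surfacing an
  // unhandled exception from attacker-controllable input.
  let urlParsed;
  try {
    urlParsed = new URL(url);
  } catch {
    return fallbackUrl;
  }

  // Avoid open redirection: compare the full origin (scheme + host + port), not a prefix or substring.
  const isTrustedOrigin = [CONSOLE_URL, WEBAPP_URL, WEBSITE_URL].some(
    (trusted) => new URL(trusted).origin === urlParsed.origin
  );

  // NOTE(review): the caller's original string is returned, not `urlParsed.href`;
  // whatever consumes it should parse URLs the same way `URL` does.
  return isTrustedOrigin ? url : fallbackUrl;
};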