cal.pub0.org/packages/lib/getSafeRedirectUrl.ts

import { CONSOLE_URL, WEBAPP_URL, WEBSITE_URL } from "@calcom/lib/constants";

// It ensures that redirection URL safe where it is accepted through a query params or other means where user can change it.
export const getSafeRedirectUrl = (url: string = "") => {
  if (url.search(/^https?:\/\//) === -1) {
    throw new Error("Pass an absolute URL");
  }

  // Avoid open redirection security vulnerability
  if (![CONSOLE_URL, WEBAPP_URL, WEBSITE_URL].some((u) => url.startsWith(u))) {
    url = `${WEBAPP_URL}/`;
  }

  return url;
};
Adds console url to redirection whitelist 2022-05-05 22:29:17 +00:00			`import { CONSOLE_URL, WEBAPP_URL, WEBSITE_URL } from "@calcom/lib/constants";`
Make sure that absolute URL is of WEBAPP only (#2624) 2022-04-27 14:28:36 +00:00
			`// It ensures that redirection URL safe where it is accepted through a query params or other means where user can change it.`
Adds console url to redirection whitelist 2022-05-05 22:29:17 +00:00			`export const getSafeRedirectUrl = (url: string = "") => {`
Make sure that absolute URL is of WEBAPP only (#2624) 2022-04-27 14:28:36 +00:00			`if (url.search(/^https?:\/\//) === -1) {`
			`throw new Error("Pass an absolute URL");`
			`}`

			`// Avoid open redirection security vulnerability`
Adds console url to redirection whitelist 2022-05-05 22:29:17 +00:00			`if (![CONSOLE_URL, WEBAPP_URL, WEBSITE_URL].some((u) => url.startsWith(u))) {`
Make sure that absolute URL is of WEBAPP only (#2624) 2022-04-27 14:28:36 +00:00			url = `${WEBAPP_URL}/`;
			`}`

			`return url;`
			`};`