public-offering
/
cal.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ensure the URL is absolute before checking the origin (#5194)

pull/5174/head
Hariom Balhara 2022-10-25 13:48:19 +05:30 committed by GitHub
parent 00c3e9680c
commit 0a23be4579
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
packages/app-store/_utils/useAddAppMutation.ts
View File

@ -44,10 +44,13 @@ function useAddAppMutation(_type: App["type"] | null, options?: Parameters<typeo
window.location.href = json.url;
return;
}
// Skip redirection only if it is an OmniInstall and redirect URL isn't of some other origin
// This allows installation of apps like Stripe to still redirect to their authentication pages.
// TODO: For Omni installation to authenticate and come back to the page where installation was initiated, some changes need to be done in all apps' add callbacks
if (!json.url.startsWith(window.location.origin)) {
// Check first that the URL is absolute, then check that it is of different origin from the current.
if (/https?:\/\//.test(json.url) && !json.url.startsWith(window.location.origin)) {
// TODO: For Omni installation to authenticate and come back to the page where installation was initiated, some changes need to be done in all apps' add callbacks
window.location.href = json.url;
}
}, options);