From 9c52e195ea77122d7f12759af68dec7389a9a422 Mon Sep 17 00:00:00 2001
From: Agusti Fernandez Pardo <me@agusti.me>
Date: Mon, 16 May 2022 19:44:44 +0200
Subject: [PATCH] Fix adds redirect callback that support app.cal.com (#2768)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Fix adds redirect callback that support app.cal.com

* Update apps/web/pages/api/auth/[...nextauth].tsx

Check origin of website and baseurl

Co-authored-by: Omar López <zomars@me.com>

* fix: lint issue extra space removed

Co-authored-by: Agusti Fernandez Pardo <git@agusti.me>
Co-authored-by: Omar López <zomars@me.com>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
---
 apps/web/pages/api/auth/[...nextauth].tsx | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/apps/web/pages/api/auth/[...nextauth].tsx b/apps/web/pages/api/auth/[...nextauth].tsx
index 574951f70e..b30a18a335 100644
--- a/apps/web/pages/api/auth/[...nextauth].tsx
+++ b/apps/web/pages/api/auth/[...nextauth].tsx
@@ -434,5 +434,12 @@ export default NextAuth({
 
       return false;
     },
+    async redirect({ url, baseUrl }) {
+      // Allows relative callback URLs
+      if (url.startsWith("/")) return `${baseUrl}${url}`;
+      // Allows callback URLs on the same origin
+      else if (new URL(url).origin === new URL(baseUrl || WEBSITE_URL).origin) return url;
+      return baseUrl;
+    },
   },
 });