* chore: bump version to 2.21.12 and implement safe redirect path validation

- Updated application version from 2.21.11 to 2.21.12 in package.json.
- Introduced `getSafeRedirectPath` and `isSafeRedirectPath` utility functions to validate user-supplied redirect URLs, enhancing security against open redirect attacks.
* fix: address page reload issue in Admin tests for CI
Giancarlo Buomprisco
2025-12-09 23:34:10 +08:00
committed by GitHub
parent 2f78e16dfa
commit 44137016cb
15 changed files with 128 additions and 31 deletions


@@ -4,6 +4,7 @@ import { NextResponse } from 'next/server';
import { CsrfError, createCsrfProtect } from '@edge-csrf/nextjs';
import { isSuperAdmin } from '@kit/admin';
import { getSafeRedirectPath } from '@kit/shared/utils';
import { checkRequiresMultiFactorAuthentication } from '@kit/supabase/check-requires-mfa';
import { createMiddlewareClient } from '@kit/supabase/middleware-client';
@@ -158,8 +159,10 @@ async function getPatterns() {
// If user is logged in and does not need to verify MFA,
// redirect to home page.
if (!isVerifyMfa) {
const nextPath =
req.nextUrl.searchParams.get('next') ?? pathsConfig.app.home;
const nextPath = getSafeRedirectPath(
req.nextUrl.searchParams.get('next'),
pathsConfig.app.home,
);
return NextResponse.redirect(
new URL(nextPath, req.nextUrl.origin).href,