ekzyis/stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use fallback instead of 500 if callback malformed (#296)

Browse Source 
Co-authored-by: ekzyis <ek@stacker.news>
This commit is contained in:
ekzyis 2023-06-01 02:48:14 +02:00 committed by GitHub
parent 36d5478e74
commit 88372b6a9e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pages/login.js
View File

@ -7,7 +7,13 @@ import { isExternal } from '../lib/url'
export async function getServerSideProps ({ req, res, query: { callbackUrl, error = null } }) {
const session = await getSession({ req })
const external = isExternal(decodeURIComponent(callbackUrl))
// assume external by default so we will use fallback callback
let external = true;
try {
external = isExternal(decodeURIComponent(callbackUrl))
} catch (err) {
console.error("error decoding callback:", callbackUrl, err)
}
if (external) {
// This is a hotfix for open redirects. See https://github.com/stackernews/stacker.news/issues/264
callbackUrl = '/'

8
pages/signup.js
View File

@ -7,7 +7,13 @@ import { isExternal } from '../lib/url'
export async function getServerSideProps ({ req, res, query: { callbackUrl, error = null } }) {
const session = await getSession({ req })
const external = isExternal(decodeURIComponent(callbackUrl))
// assume external by default so we will use fallback callback
let external = true;
try {
external = isExternal(decodeURIComponent(callbackUrl))
} catch (err) {
console.error("error decoding callback:", callbackUrl, err)
}
if (external) {
// This is a hotfix for open redirects. See https://github.com/stackernews/stacker.news/issues/264
callbackUrl = '/'