Expand file tree Collapse file tree 1 file changed +19
-2
lines changed Original file line number Diff line number Diff line change @@ -9,6 +9,20 @@ import { Message } from './Message';
99import { getSearchParams } from '../utils/url' ;
1010import PasswordStrengthIndicator from './PasswordStrengthIndicator' ;
1111
12+ function isValidRedirectUri ( uri : string , allowedRedirect ?: string ) : boolean {
13+ try {
14+ const url = new URL ( uri , window . location . origin ) ;
15+ if ( url . origin === window . location . origin ) return true ;
16+ if ( allowedRedirect ) {
17+ const allowed = new URL ( allowedRedirect ) ;
18+ if ( url . origin === allowed . origin ) return true ;
19+ }
20+ return false ;
21+ } catch {
22+ return false ;
23+ }
24+ }
25+
1226type Props = {
1327 showOTPInput ?: boolean ;
1428 onReset ?: ( res : any ) => void ;
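Review bot: `isValidRedirectUri` compares origins only and never checks the scheme of the parsed URL. `javascript:` and `data:` URLs have an opaque origin that serializes as the string `"null"`, so they would pass the first comparison whenever the page itself has an opaque origin (for example inside a sandboxed frame), because `window.location.origin` is then also `"null"`. Adding `if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;` directly after `new URL(uri, window.location.origin)` closes that case. A short doc comment would also help, stating that an origin match accepts any path on that origin and that an unparsable `allowedRedirect` rejects every cross-origin value through the `catch`.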
@@ -65,8 +79,11 @@ export const AuthorizerResetPassword: FC<Props> = ({
6579 if ( onReset ) {
6680 onReset ( res ) ;
6781 } else {
68- window . location . href =
69- redirect_uri || config . redirectURL || window . location . origin ;
82+ const fallback = config . redirectURL || window . location . origin ;
83+ const target = redirect_uri && isValidRedirectUri ( redirect_uri , config . redirectURL )
84+ ? redirect_uri
85+ : fallback ;
86+ window . location . href = target ;
7087 }
7188 } catch ( err ) {
7289 setError ( formatErrorMessage ( ( err as Error ) . message ) ) ;
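Review bot: The check runs on the parsed URL, but the value assigned to `window.location.href` is still the raw `redirect_uri` string, so validation and navigation can resolve it differently. The helper resolves relative values against `window.location.origin`, while the assignment resolves them against the document's base URL, which would differ if the page sets a `<base href>`. Assigning the normalized form, `window.location.href = new URL(redirect_uri, window.location.origin).href;`, makes the navigated target exactly the one that was validated. The handler starts and ends outside this hunk, and the source of `redirect_uri` is not visible here; it is presumably read from the query string.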