fix: disallow cross origin/non http protocols for continueUrl on login

This commit is contained in:
bwees
2026-05-30 13:50:54 -05:00
parent 65611bb860
commit 2ce4d9fa61
+7 -1
@@ -8,7 +8,13 @@ import type { PageLoad } from './$types';
export const load = (async ({ parent, url }) => {
await parent();
const continueUrl = url.searchParams.get('continue') || Route.photos();
let continueUrl = url.searchParams.get('continue');
// require same origin continue URL
if (!continueUrl || !continueUrl.startsWith('/') || continueUrl.startsWith('//')) {
continueUrl = Route.photos();
}
if (authManager.authenticated) {
redirect(307, continueUrl);
}
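Review bot: The prefix check on the new `if` line still accepts values that a browser resolves to a different origin, because URL parsing for http(s) treats a backslash after the leading slash like a second slash and strips embedded tab/newline characters, so a `continue` value that satisfies `startsWith('/') && !startsWith('//')` can still leave the site once `redirect(307, continueUrl)` emits it as a Location. A more robust same-origin check resolves the value against the request origin and compares `new URL(continueUrl, url.origin).origin` with `url.origin`, treating a parse failure as not same-origin and keeping the existing prefix check so only path-relative values pass. `url` appears to be the SvelteKit `URL` from the load event, so `url.origin` should be available, but confirm that the server-side origin is the trusted one in this deployment rather than derived from an untrusted header. The body of `load` continues past the end of the hunk.
```typescript
let continueUrl = url.searchParams.get('continue');
// require same origin continue URL: resolve it against the request origin and
// compare origins, so values a string prefix check alone would accept cannot
// resolve elsewhere; a parse failure is treated as not same-origin
let sameOrigin = false;
try {
  sameOrigin = continueUrl !== null && new URL(continueUrl, url.origin).origin === url.origin;
} catch {
  sameOrigin = false;
}
if (!continueUrl || !sameOrigin || !continueUrl.startsWith('/') || continueUrl.startsWith('//')) {
  continueUrl = Route.photos();
}
// … unchanged: authenticated redirect …
```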