fix open redirect issue in Login page

baidu · Mar 14, 2024 · 240fde3 · 240fde3
1 parent 438902d
commit 240fde3
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/rasp-vue/src/components/Login.vue b/rasp-vue/src/components/Login.vue
@@ -72,12 +72,16 @@ export default {
         // ignored
       })
     },
+    validateRedirect(urlstring) {
+      let url = new URL(urlstring)
+      return url.protocol == location.protocol && url.host == location.host && url.port == location.port
+    },
     doLogin: function() {
       return request.post('v1/user/login', {
         username: this.username,
         password: this.password
       }).then(res => {
-        if (this.$route.query.redirect) {
+        if (this.$route.query.redirect && this.validateRedirect(this.$route.query.redirect)) {
           location.href = this.$route.query.redirect
         } else {
           this.$router.replace({