matthias/dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

apply security audit

Browse Source
This commit is contained in:
Matthias Hochmeister
2026-03-11 13:18:10 +01:00
parent e9463c1c66
commit 93a87a7ae9
18 changed files with 272 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
frontend/src/pages/Login.tsx
View File

@@ -23,7 +23,11 @@ function Login() {
useEffect(() => {
if (isAuthenticated) {
setIsRedirecting(true);
const from = (location.state as any)?.from || '/dashboard';
const rawFrom = (location.state as any)?.from;
const from =
rawFrom && rawFrom.startsWith('/') && !rawFrom.startsWith('//')
? rawFrom
: '/dashboard';
navigate(from, { replace: true });
}
}, [isAuthenticated, navigate, location.state]);
@@ -31,10 +35,11 @@ function Login() {
const handleLogin = () => {
try {
// Persist the intended destination so LoginCallback can restore it
// after the full-page Authentik redirect round-trip
const from = (location.state as any)?.from;
if (from) {
sessionStorage.setItem('auth_redirect_from', from);
// after the full-page Authentik redirect round-trip.
// Validate that from is a safe internal path before storing it.
const rawFrom = (location.state as any)?.from;
if (rawFrom && rawFrom.startsWith('/') && !rawFrom.startsWith('//')) {
sessionStorage.setItem('auth_redirect_from', rawFrom);
}
const authUrl = authService.getAuthUrl();
window.location.href = authUrl;