feat: add protection and figure out if the redirect url is inside or outside backoffice

2024-05-22 11:43:54 +02:00
parent 5c5b0e35d9
commit 44471d89d4
1 changed files with 9 additions and 1 deletions
--- a/src/Umbraco.Web.UI.Client/src/apps/app/app.element.ts
+++ b/src/Umbraco.Web.UI.Client/src/apps/app/app.element.ts
@@ -93,7 +93,15 @@ export class UmbAppElement extends UmbLitElement {
 							sessionStorage.removeItem(UMB_STORAGE_REDIRECT_URL);
 							currentRoute = savedRoute.endsWith('logout') ? currentRoute : savedRoute;
 						}
-						history.replaceState(null, '', currentRoute);
+
+						const url = new URL(currentRoute);
+						const isLocalRoute = url.origin === window.location.origin && url.pathname.startsWith(this.backofficePath);
+
+						if (isLocalRoute) {
+							history.replaceState(null, '', url.pathname + url.search + url.hash);
+						} else {
+							window.location.href = url.toString();
+						}
 					});
 				}