From 44471d89d4a8a943ae0f9ab6fe9ecf8dc43a355c Mon Sep 17 00:00:00 2001
From: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
Date: Wed, 22 May 2024 11:43:54 +0200
Subject: [PATCH] feat: add protection and figure out if the redirect url is
 inside or outside backoffice

---
 src/Umbraco.Web.UI.Client/src/apps/app/app.element.ts | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/Umbraco.Web.UI.Client/src/apps/app/app.element.ts b/src/Umbraco.Web.UI.Client/src/apps/app/app.element.ts
index 10aec07725..5a4fcc7112 100644
--- a/src/Umbraco.Web.UI.Client/src/apps/app/app.element.ts
+++ b/src/Umbraco.Web.UI.Client/src/apps/app/app.element.ts
@@ -93,7 +93,15 @@ export class UmbAppElement extends UmbLitElement {
 							sessionStorage.removeItem(UMB_STORAGE_REDIRECT_URL);
 							currentRoute = savedRoute.endsWith('logout') ? currentRoute : savedRoute;
 						}
-						history.replaceState(null, '', currentRoute);
+
+						const url = new URL(currentRoute);
+						const isLocalRoute = url.origin === window.location.origin && url.pathname.startsWith(this.backofficePath);
+
+						if (isLocalRoute) {
+							history.replaceState(null, '', url.pathname + url.search + url.hash);
+						} else {
+							window.location.href = url.toString();
+						}
 					});
 				}