@uniformdev/next-app-router 20.67.1-alpha.22 → 20.67.1-alpha.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/handler.js +11 -2
  2. package/dist/handler.mjs +11 -2
  3. package/package.json +8 -8
package/dist/handler.js CHANGED
@@ -1688,8 +1688,17 @@ var createPreviewGETRouteHandler = (options) => {
1688
1688
  };
1689
1689
  };
1690
1690
  function validateLocalRedirectUrl(pathToRedirectTo) {
1691
- if (pathToRedirectTo == null ? void 0 : pathToRedirectTo.match(/^[a-z]+:\/\//g)) {
1692
- throw new Error("Tried to redirect to absolute URL with protocol. Disallowing open redirect.");
1691
+ if (!pathToRedirectTo) {
1692
+ return;
1693
+ }
1694
+ let resolved;
1695
+ try {
1696
+ resolved = new URL(pathToRedirectTo, BASE_URL_EXAMPLE);
1697
+ } catch (e) {
1698
+ throw new Error("Invalid redirect path. Disallowing open redirect.");
1699
+ }
1700
+ if (resolved.origin !== BASE_URL_EXAMPLE) {
1701
+ throw new Error("Tried to redirect off-origin. Disallowing open redirect.");
1693
1702
  }
1694
1703
  }
1695
1704
  var resolveFullPathDefault = ({ slug, path }) => {
package/dist/handler.mjs CHANGED
@@ -1673,8 +1673,17 @@ var createPreviewGETRouteHandler = (options) => {
1673
1673
  };
1674
1674
  };
1675
1675
  function validateLocalRedirectUrl(pathToRedirectTo) {
1676
- if (pathToRedirectTo == null ? void 0 : pathToRedirectTo.match(/^[a-z]+:\/\//g)) {
1677
- throw new Error("Tried to redirect to absolute URL with protocol. Disallowing open redirect.");
1676
+ if (!pathToRedirectTo) {
1677
+ return;
1678
+ }
1679
+ let resolved;
1680
+ try {
1681
+ resolved = new URL(pathToRedirectTo, BASE_URL_EXAMPLE);
1682
+ } catch (e) {
1683
+ throw new Error("Invalid redirect path. Disallowing open redirect.");
1684
+ }
1685
+ if (resolved.origin !== BASE_URL_EXAMPLE) {
1686
+ throw new Error("Tried to redirect off-origin. Disallowing open redirect.");
1678
1687
  }
1679
1688
  }
1680
1689
  var resolveFullPathDefault = ({ slug, path }) => {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@uniformdev/next-app-router",
3
- "version": "20.67.1-alpha.22+329be3528c",
3
+ "version": "20.67.1-alpha.23+6cbc37f1d4",
4
4
  "license": "SEE LICENSE IN LICENSE.txt",
5
5
  "scripts": {
6
6
  "build": "tsup",
@@ -98,12 +98,12 @@
98
98
  "vitest": "3.2.4"
99
99
  },
100
100
  "dependencies": {
101
- "@uniformdev/canvas-react": "20.67.1-alpha.22+329be3528c",
102
- "@uniformdev/next-app-router-client": "20.67.1-alpha.22+329be3528c",
103
- "@uniformdev/next-app-router-shared": "20.67.1-alpha.22+329be3528c",
104
- "@uniformdev/redirect": "20.67.1-alpha.22+329be3528c",
105
- "@uniformdev/richtext": "20.67.1-alpha.22+329be3528c",
106
- "@uniformdev/webhooks": "20.67.1-alpha.22+329be3528c",
101
+ "@uniformdev/canvas-react": "20.67.1-alpha.23+6cbc37f1d4",
102
+ "@uniformdev/next-app-router-client": "20.67.1-alpha.23+6cbc37f1d4",
103
+ "@uniformdev/next-app-router-shared": "20.67.1-alpha.23+6cbc37f1d4",
104
+ "@uniformdev/redirect": "20.67.1-alpha.23+6cbc37f1d4",
105
+ "@uniformdev/richtext": "20.67.1-alpha.23+6cbc37f1d4",
106
+ "@uniformdev/webhooks": "20.67.1-alpha.23+6cbc37f1d4",
107
107
  "@vercel/functions": "^2.2.2",
108
108
  "encoding": "^0.1.13",
109
109
  "server-only": "^0.0.1",
@@ -120,5 +120,5 @@
120
120
  "publishConfig": {
121
121
  "access": "public"
122
122
  },
123
- "gitHead": "329be3528c6e4e6d01316386d18059ec0ffcd172"
123
+ "gitHead": "6cbc37f1d4431eddfc8e478612bb45463bc9b5bd"
124
124
  }