override relative url

2025-08-11 15:49:35 +00:00 · 2025-07-01 11:08:02 +02:00
parent 8819be810b
commit 71162c4a6b
2 changed files with 13 additions and 8 deletions
--- a/apps/login/src/app/login/route.ts
+++ b/apps/login/src/app/login/route.ts
@@ -217,7 +217,7 @@ export async function GET(request: NextRequest) {
            params.set("organization", organization);
          }

-          const url = await startIdentityProviderFlow({
+          let url: string | null = await startIdentityProviderFlow({
            serviceUrl,
            idpId,
            urls: {
@@ -237,9 +237,12 @@ export async function GET(request: NextRequest) {
            );
          }

-          const absoluteUrl = constructUrl(request, url);
+          if (url.startsWith("/")) {
+            // if the url is a relative path, construct the absolute url
+            url = constructUrl(request, url).toString();
+          }

-          return NextResponse.redirect(absoluteUrl);
+          return NextResponse.redirect(url);
        }
      }
    }
--- a/apps/login/src/lib/zitadel.ts
+++ b/apps/login/src/lib/zitadel.ts
@@ -985,16 +985,18 @@ export async function startIdentityProviderFlow({
        return resp.nextStep.value;
      } else if (resp.nextStep.case === "formData" && resp.nextStep.value) {
        const formData: FormData = resp.nextStep.value;
-        const redirectUrl = new URL("/saml-post");
+        const redirectUrl = "/saml-post";
+
+        const params = new URLSearchParams({ url: formData.url });

-        redirectUrl.searchParams.set("url", formData.url);
        Object.entries(formData.fields).forEach(([k, v]) => {
-          redirectUrl.searchParams.set(k, v);
+          params.append(k, v);
        });

-        return redirectUrl.toString();
+        return `${redirectUrl}?${params.toString()}`;
+      } else {
+        return null;
      }
-      return null;
    });
 }