From 71162c4a6b4c9642c5b1be1ed8b28334608c99cf Mon Sep 17 00:00:00 2001 From: Max Peintner Date: Tue, 1 Jul 2025 11:08:02 +0200 Subject: [PATCH] override relative url --- apps/login/src/app/login/route.ts | 9 ++++++--- apps/login/src/lib/zitadel.ts | 12 +++++++----- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/apps/login/src/app/login/route.ts b/apps/login/src/app/login/route.ts index 7a18c1fffa..db67efa229 100644 --- a/apps/login/src/app/login/route.ts +++ b/apps/login/src/app/login/route.ts @@ -217,7 +217,7 @@ export async function GET(request: NextRequest) { params.set("organization", organization); } - const url = await startIdentityProviderFlow({ + let url: string | null = await startIdentityProviderFlow({ serviceUrl, idpId, urls: { @@ -237,9 +237,12 @@ export async function GET(request: NextRequest) { ); } - const absoluteUrl = constructUrl(request, url); + if (url.startsWith("/")) { + // if the url is a relative path, construct the absolute url + url = constructUrl(request, url).toString(); + } - return NextResponse.redirect(absoluteUrl); + return NextResponse.redirect(url); } } } diff --git a/apps/login/src/lib/zitadel.ts b/apps/login/src/lib/zitadel.ts index c2ec8c0922..8a05701e97 100644 --- a/apps/login/src/lib/zitadel.ts +++ b/apps/login/src/lib/zitadel.ts @@ -985,16 +985,18 @@ export async function startIdentityProviderFlow({ return resp.nextStep.value; } else if (resp.nextStep.case === "formData" && resp.nextStep.value) { const formData: FormData = resp.nextStep.value; - const redirectUrl = new URL("/saml-post"); + const redirectUrl = "/saml-post"; + + const params = new URLSearchParams({ url: formData.url }); - redirectUrl.searchParams.set("url", formData.url); Object.entries(formData.fields).forEach(([k, v]) => { - redirectUrl.searchParams.set(k, v); + params.append(k, v); }); - return redirectUrl.toString(); + return `${redirectUrl}?${params.toString()}`; + } else { + return null; } - return null; }); }