diff --git a/blocks/identity-block/components/login/index.jsx b/blocks/identity-block/components/login/index.jsx
index 1fc61c6ac..c1d6fd750 100644
--- a/blocks/identity-block/components/login/index.jsx
+++ b/blocks/identity-block/components/login/index.jsx
@@ -46,6 +46,14 @@ const useLogin = ({
 }
 }, [appleCode, Identity]);
 
+ const isReferrerFromHost = () => {
+ if (!document?.referrer) return false;
+
+ const referrerURL = new URL(document.referrer);
+
+ return referrerURL.origin === window.location.origin;
+ };
+
 useEffect(() => {
 const searchParams = new URLSearchParams(window.location.search.substring(1));
 
@@ -63,7 +71,7 @@ const useLogin = ({
 setRedirectQueryParam(validatedRedirectParam);
 }
 
- if (redirectToPreviousPage && document?.referrer) {
+ if (redirectToPreviousPage && document?.referrer && isReferrerFromHost()) {
 const redirectUrlLocation = new URL(document.referrer);
 let newRedirectUrl = redirectUrlLocation.pathname.includes('/pagebuilder/')
 ? redirectURL
diff --git a/blocks/identity-block/components/login/index.test.jsx b/blocks/identity-block/components/login/index.test.jsx
index 6eb70b458..0f7516f1a 100644
--- a/blocks/identity-block/components/login/index.test.jsx
+++ b/blocks/identity-block/components/login/index.test.jsx
@@ -80,7 +80,7 @@ describe("useLogin()", () => {
 });
 
 it("uses document referrer", async () => {
- const referrerURL = "http://referrer.com/article/1234";
+ const referrerURL = "http://localhost/article/1234";
 Object.defineProperty(document, "referrer", {
 value: referrerURL,
 configurable: true,
diff --git a/blocks/identity-block/utils/validate-redirect-url.js b/blocks/identity-block/utils/validate-redirect-url.js
index 94563a204..84f8a5fea 100644
--- a/blocks/identity-block/utils/validate-redirect-url.js
+++ b/blocks/identity-block/utils/validate-redirect-url.js
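Review bot: The new `isReferrerFromHost` helper in the first hunk of `login/index.jsx` carries no comment saying why the origin comparison exists, and the condition in the second hunk repeats the empty-referrer test the helper already performs before parsing `document.referrer` a second time. I would put a comment above the helper, for example `// Only treat document.referrer as a post-login redirect target when it is same-origin; an off-site referrer must not choose where the user lands.`, and reduce the condition to `if (redirectToPreviousPage && isReferrerFromHost()) {`. Both `new URL(document.referrer)` calls are unguarded; browsers normally supply a parseable value, but it is worth confirming that nothing in the test or embedding environment can set a value that makes the effect throw. `useLogin` and the `useEffect` body both continue outside these hunks.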
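Review bot: No test visible in the `index.test.jsx` hunk covers the rejection path, because the fixture in "uses document referrer" was switched to `http://localhost/article/1234` so the existing case keeps passing. Add a sibling case that sets `document.referrer` to the previous off-site value, `http://referrer.com/article/1234`, and asserts that the hook does not use it as the redirect target. Without that case a later refactor could drop the origin check and the suite would still pass. The `it(...)` body continues past the hunk, so the exact assertion depends on what the existing case checks.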
@@ -7,6 +7,10 @@ const validateURL = (url) => {
 return `${window.location.origin}${url}`;
 }
 
+ if (url === "/") {
+ return url;
+ }
+
 const urlLocation = new URL(url);
 
 if (urlLocation.origin === window.location.origin) {
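Review bot: `new URL(url)` directly below the added `if (url === "/")` branch still throws a `TypeError` for every other string that is not an absolute URL, so the special case covers a single input only. The value appears to come from a redirect query parameter (inferred from `validatedRedirectParam` in `login/index.jsx`), so parsing against a base, `const urlLocation = new URL(url, window.location.origin);`, would let the existing origin comparison handle relative and malformed values without throwing. The new branch also returns the bare path while the branch above it returns an origin-prefixed URL; a one-line comment stating that callers accept both shapes would help the next reader. `validateURL` starts and ends outside the hunk, so an enclosing try/catch may already exist.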