Merge pull request #169 from ahmed-deriv/ahmed/DSEC-57013/fix--open-redirect-get-paramter

sandeep-deriv · web-flow · commit d65c30f0e4bf · 2024-11-13T10:33:46.000+08:00
ahmed/DSEC-57013/fix--open-redirect-get-paramter
diff --git a/src/pages/auth.tsx b/src/pages/auth.tsx
@@ -3,13 +3,14 @@ import Layout from '@theme/Layout';
 import { Login } from '../features/Login/Login';
 import useAuthParams from '../hooks/useAuthParams';
 import { useEffect } from 'react';
-import { useLocation } from '@docusaurus/router';
+import { Redirect, useLocation } from '@docusaurus/router';
 import useAuthContext from '../hooks/useAuthContext';
 
 export default function Auth(): JSX.Element {
   const { search } = useLocation(); // to get the search params
   const { is_logged_in } = useAuthContext();
   const { checkUrlParams } = useAuthParams();
+  const [redirect_route, setRedirectRoute] = React.useState<string | null>(null);
 
   useEffect(() => {
     checkUrlParams(search);
@@ -18,11 +19,15 @@ export default function Auth(): JSX.Element {
   useEffect(() => {
     if (is_logged_in) {
       const params = new URLSearchParams(search);
-      const redirect_route = params.get('route')?.replace(/%2F/g, '/') || '/';
-      window.location.assign(window.location.origin + redirect_route);
+      const redirect_route = params.get('route')?.replace(/%2F/g, '/') || '/'; 
+      setRedirectRoute(redirect_route);
     }
   }, [is_logged_in, search]);
 
+  if (redirect_route) {
+    return <Redirect to={redirect_route} />;
+  }
+
   return (
     <Layout title='Auth' description='Deriv API documentation'>
       <main>
