From 6aab18030379dfcfadd242f3638cd13a3f62e7be Mon Sep 17 00:00:00 2001 From: dblythy Date: Sat, 28 Jan 2023 10:19:02 +1100 Subject: [PATCH 1/5] fix: invalid redirect can return invalid response --- Parse-Dashboard/app.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Parse-Dashboard/app.js b/Parse-Dashboard/app.js index 56ac3146f0..83a4a2689f 100644 --- a/Parse-Dashboard/app.js +++ b/Parse-Dashboard/app.js @@ -173,7 +173,7 @@ module.exports = function(config, options) { } app.get('/login', csrf(), function(req, res) { - const redirectURL = req.url.includes('?redirect=') && req.url.split('?redirect=')[1]; + const redirectURL = req.url.includes('?redirect=') && req.url.split('?redirect=')[1].length > 1 && req.url.split('?redirect=')[1]; if (!users || (req.user && req.user.isAuthenticated)) { return res.redirect(`${mountPath}${redirectURL || 'apps'}`); } From afb1003eb1cc173a23fec4d459c053233f5e8e0d Mon Sep 17 00:00:00 2001 From: dblythy Date: Sat, 28 Jan 2023 10:27:10 +1100 Subject: [PATCH 2/5] Update app.js --- Parse-Dashboard/app.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Parse-Dashboard/app.js b/Parse-Dashboard/app.js index 83a4a2689f..2b4c73fca0 100644 --- a/Parse-Dashboard/app.js +++ b/Parse-Dashboard/app.js @@ -207,7 +207,11 @@ module.exports = function(config, options) { // For every other request, go to index.html. Let client-side handle the rest. app.get('/*', function(req, res) { if (users && (!req.user || !req.user.isAuthenticated)) { - return res.redirect(`${mountPath}login?redirect=${req.url.replace('/login', '')}`); + const redirect = req.url.replace('/login', ''); + if (redirect.length > 1) { + return res.redirect(`${mountPath}login?redirect=${redirect}`); + } + return res.redirect(`${mountPath}login`); } if (users && req.user && req.user.matchingUsername ) { res.append('username', req.user.matchingUsername); From 808ee754be9fa759d9d37eaf44a4c9b7871e1463 Mon Sep 17 00:00:00 2001 From: dblythy Date: Sat, 28 Jan 2023 11:20:07 +1100 Subject: [PATCH 3/5] Update Login.js --- src/login/Login.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/login/Login.js b/src/login/Login.js index 967da8b57e..135f5b0079 100644 --- a/src/login/Login.js +++ b/src/login/Login.js @@ -34,7 +34,7 @@ export default class Login extends React.Component { forgot: false, username: sessionStorage.getItem('username') || '', password: sessionStorage.getItem('password') || '', - redirect + redirect: redirect !== '/' ? redirect : undefined }; sessionStorage.clear(); setBasePath(props.path); From 164f35a3cdadc2fed6544f80f5aee93f15448ad8 Mon Sep 17 00:00:00 2001 From: dblythy Date: Sat, 28 Jan 2023 11:52:33 +1100 Subject: [PATCH 4/5] Update DashboardView.react.js --- src/dashboard/DashboardView.react.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/dashboard/DashboardView.react.js b/src/dashboard/DashboardView.react.js index 4846ae4c72..e70f0f8c3d 100644 --- a/src/dashboard/DashboardView.react.js +++ b/src/dashboard/DashboardView.react.js @@ -34,7 +34,9 @@ export default class DashboardView extends React.Component { onRouteChanged() { const appId = this.context.applicationId; const path = this.props.location?.pathname ?? window.location.pathname; + console.log({path, appId}); const route = path.split(appId)[1].split('/')[1]; + console.log({route}); if (route !== this.state.route) { this.setState({ route }); } From 9fb509bd9dd8d3f7535dffb06e053a58e5aaa061 Mon Sep 17 00:00:00 2001 From: dblythy Date: Sat, 28 Jan 2023 15:20:48 +1100 Subject: [PATCH 5/5] Update DashboardView.react.js --- src/dashboard/DashboardView.react.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/dashboard/DashboardView.react.js b/src/dashboard/DashboardView.react.js index e70f0f8c3d..8402dcc04f 100644 --- a/src/dashboard/DashboardView.react.js +++ b/src/dashboard/DashboardView.react.js @@ -32,11 +32,8 @@ export default class DashboardView extends React.Component { } onRouteChanged() { - const appId = this.context.applicationId; const path = this.props.location?.pathname ?? window.location.pathname; - console.log({path, appId}); - const route = path.split(appId)[1].split('/')[1]; - console.log({route}); + const route = path.split('apps')[1].split('/')[2]; if (route !== this.state.route) { this.setState({ route }); }