fix: ensure safe redirect check only accepts actual domains

2026-01-19 13:52:29 +00:00 · 2026-01-17 20:36:42 +02:00
parent 87e2b52a04
commit d67c3ab8a4
2 changed files with 7 additions and 1 deletions
--- a/internal/utils/app_utils_test.go
+++ b/internal/utils/app_utils_test.go
@@ -205,4 +205,9 @@ func TestIsRedirectSafe(t *testing.T) {
 	redirectURL = "http://example.org/page"
 	result = utils.IsRedirectSafe(redirectURL, domain)
 	assert.Equal(t, false, result)
+
+	// Case with malicious domain
+	redirectURL = "https://malicious-example.com/yoyo"
+	result = utils.IsRedirectSafe(redirectURL, domain)
+	assert.Equal(t, false, result)
 }