fix(auth): sanitize authorization URL

superboy-zjc · superboy-zjc · commit 4e6df92b2415 · 2025-08-11T16:10:14.000-07:00
diff --git a/client/src/lib/auth.ts b/client/src/lib/auth.ts
@@ -129,6 +129,9 @@ export class InspectorOAuthClientProvider implements OAuthClientProvider {
   }
 
   redirectToAuthorization(authorizationUrl: URL) {
+    if (authorizationUrl.protocol !== "http:" && authorizationUrl.protocol !== "https:") {
+      throw new Error("Authorization URL must be HTTP or HTTPS");
+    }
     window.location.href = authorizationUrl.href;
   }
 

Original file line number	Diff line number	Diff line change
`@@ -129,6 +129,9 @@ export class InspectorOAuthClientProvider implements OAuthClientProvider {`
`129`	`129`	`}`
`130`	`130`
`131`	`131`	`redirectToAuthorization(authorizationUrl: URL) {`
	`132`	`+ if (authorizationUrl.protocol !== "http:" && authorizationUrl.protocol !== "https:") {`
	`133`	`+ throw new Error("Authorization URL must be HTTP or HTTPS");`
	`134`	`+ }`
`132`	`135`	`window.location.href = authorizationUrl.href;`
`133`	`136`	`}`
`134`	`137`