fix(core): unable to redirect to same origin paths (#6586)

packages/frontend/core/src/pages/redirect.tsx

@@ -1,3 +1,4 @@
+import { DebugLogger } from '@affine/debug';
 import { type LoaderFunction, Navigate, useLoaderData } from 'react-router-dom';
 
 const trustedDomain = [
@@ -10,6 +11,8 @@ const trustedDomain = [
   'reddit.com',
 ];
 
+const logger = new DebugLogger('redirect_proxy');
+
 export const loader: LoaderFunction = async ({ request }) => {
   const url = new URL(request.url);
   const searchParams = url.searchParams;
@@ -19,14 +22,21 @@ export const loader: LoaderFunction = async ({ request }) => {
     return { allow: false };
   }
 
-  const target = new URL(redirectUri);
+  try {
+    const target = new URL(redirectUri);
 
-  if (
-    trustedDomain.some(domain =>
-      new RegExp(`.?${domain}$`).test(target.hostname)
-    )
-  ) {
-    location.href = redirectUri;
+    if (
+      target.hostname === window.location.hostname ||
+      trustedDomain.some(domain =>
+        new RegExp(`.?${domain}$`).test(target.hostname)
+      )
+    ) {
+      location.href = redirectUri;
+      return { allow: true };
+    }
+  } catch (e) {
+    logger.error('Failed to parse redirect uri', e);
+    return { allow: false };
   }
 
   return { allow: true };

packages/frontend/core/src/utils/popup.ts

@@ -1,5 +1,8 @@
 export function popupWindow(target: string) {
   const url = new URL(runtimeConfig.serverUrlPrefix + '/redirect-proxy');
+  target = /^https?:\/\//.test(target)
+    ? target
+    : runtimeConfig.serverUrlPrefix + target;
   url.searchParams.set('redirect_uri', target);
 
   return window.open(url, '_blank', `noreferrer noopener`);