From c3d2b59661df0ad4866933092823710822aa7d65 Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Wed, 21 Aug 2024 17:13:18 -0400 Subject: [PATCH] Fix a bug where basepath nextUrl is invalid when it should be valid (#2096) (#2099) --- server/utils/next_url.test.ts | 5 +++++ server/utils/next_url.ts | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/server/utils/next_url.test.ts b/server/utils/next_url.test.ts index 56f4b074..c90e2cd7 100644 --- a/server/utils/next_url.test.ts +++ b/server/utils/next_url.test.ts @@ -104,6 +104,11 @@ describe('test validateNextUrl', () => { expect(validateNextUrl(url, '')).toEqual(undefined); }); + test('allow basePath', () => { + const url = '/osd'; + expect(validateNextUrl(url, '/osd')).toEqual(undefined); + }); + test('allow dashboard url', () => { const url = '/_plugin/opensearch-dashboards/app/opensearch-dashboards#dashbard/dashboard-id?_g=(param=a&p=b)'; diff --git a/server/utils/next_url.ts b/server/utils/next_url.ts index 9cc47adb..596aefd0 100644 --- a/server/utils/next_url.ts +++ b/server/utils/next_url.ts @@ -73,7 +73,7 @@ export function validateNextUrl( } const pathMinusBase = path.replace(bp, ''); if ( - !pathMinusBase.startsWith('/') || + (pathMinusBase && !pathMinusBase.startsWith('/')) || (pathMinusBase.length >= 2 && !/^\/[a-zA-Z_][\/a-zA-Z0-9-_]+$/.test(pathMinusBase)) ) { return INVALID_NEXT_URL_PARAMETER_MESSAGE;