fix: handle cross-origin redirects in server function redirect hook #2329
Fixes #2269
In client-side navigation we now handle redirects returned from server functions by resolving the location against the current origin as a base. The base is only relevant if the location doesn't already include an origin. This fixes cross-origin redirects.
Note: in order to handle redirects in the same way as the browser would handle them, we need to use the server function's URL (typically `<origin>/api/something`) as a base. I leave this as a TODO for a future leptos version, because it probably requires changing the signature of the `server_fn` redirect hook. In order to not be affected by a future breaking change, users should already start making sure that their redirect locations either include an origin or at least start with a single slash (e.g. `Location: /foo`).
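The base-URL difference described in the note above, as an added example that is not part of the PR or of leptos: it resolves sample `Location` values with the standard WHATWG `URL` parser against the current origin and against the server function's URL, and reports which values land in the same place under both bases and which leave the origin. The origin, the server function URL and the sample locations are constructed values, and `resolve` and `analyze` are hypothetical helper names.

```javascript
// Added example: how a redirect Location resolves against two possible bases.
// ORIGIN and SERVER_FN_URL are constructed sample values, not taken from the PR.
const ORIGIN = "https://app.example";
const SERVER_FN_URL = "https://app.example/api/something";

// Resolve a Location value against a base with the WHATWG URL parser.
// The base only matters when the location carries no origin of its own.
function resolve(location, base) {
  return new URL(location, base).href;
}

// Describe one Location value: where it lands under each base, whether both
// bases agree (stable), and whether the target leaves the current origin.
function analyze(location, origin = ORIGIN, serverFnUrl = SERVER_FN_URL) {
  const againstOrigin = resolve(location, origin);
  const againstServerFn = resolve(location, serverFnUrl);
  return {
    location,
    againstOrigin,
    againstServerFn,
    stable: againstOrigin === againstServerFn,
    crossOrigin: new URL(againstOrigin).origin !== new URL(origin).origin,
  };
}

// Constructed sample Location values covering the cases the note mentions.
const samples = [
  "/foo",                      // single leading slash: same result for both bases
  "foo",                       // path-relative: result depends on the base path
  "?next=1",                   // query-only: keeps the base path, so also unstable
  "https://other.example/foo", // includes an origin: base is ignored
  "//other.example/foo",       // two slashes: scheme-relative, changes the host
];

for (const s of samples) {
  const r = analyze(s);
  console.log(
    `${r.location.padEnd(28)} origin-base=${r.againstOrigin} ` +
    `fn-base=${r.againstServerFn} stable=${r.stable} crossOrigin=${r.crossOrigin}`
  );
}
```

The `//other.example/foo` row shows why the note says a single slash: a value starting with two slashes is scheme-relative and resolves to another host, so a check that only looks for a leading `/` does not establish that a redirect stays on the current origin.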