fix: guard invalid oidc authorize url

Chris
2026-04-03 05:27:14 +08:00
parent ef27055ca2
commit f43edeb703


@@ -86,13 +86,21 @@ async function redirectToOidc(options = {}) {
codeChallenge: pkce.codeChallenge, codeChallenge: pkce.codeChallenge,
codeChallengeMethod: 'S256' codeChallengeMethod: 'S256'
}) })
const authorizeUrl = res.data.authorize_url const authorizeUrl = res?.data?.authorize_url
const parsed = new URL(authorizeUrl) if (!authorizeUrl) {
throw new Error('登入設定錯誤:未取得授權網址')
}
let parsed
try {
parsed = new URL(authorizeUrl, window.location.origin)
} catch (_err) {
throw new Error(`登入設定錯誤:授權網址無效 (${authorizeUrl})`)
}
const state = parsed.searchParams.get('state') const state = parsed.searchParams.get('state')
if (state) { if (state) {
sessionStorage.setItem('oidc_expected_state', state) sessionStorage.setItem('oidc_expected_state', state)
} }
window.location.href = authorizeUrl window.location.href = parsed.toString()
} }
async function generatePkcePair() { async function generatePkcePair() {
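Review bot: The new `new URL(authorizeUrl, window.location.origin)` call only rejects strings that cannot be parsed at all, so the value assigned to `window.location.href` is still not constrained to a web URL: an absolute value with any scheme ignores the base, and a relative value now resolves silently against the app's own origin instead of failing. Since `authorize_url` comes from the response body, I would check the scheme after the try/catch, e.g. `if (!['https:', 'http:'].includes(parsed.protocol)) throw new Error('登入設定錯誤:授權網址無效')`, and ideally compare `parsed.origin` with the configured identity-provider origin if the client knows it. The catch branch also interpolates the full `authorizeUrl` into the error text; if that message is displayed or logged, any query string it carries (which may include `state`) goes with it, so the message could omit the value. `redirectToOidc` begins above the hunk, so how `res` is obtained and whether callers surface the error are not visible here.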