You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
<!--
## title your PR with this format: "[SDK/Dashboard/Portal] Feature/Fix: Concise title for the changes"
If you did not copy the branch name from Linear, paste the issue tag here (format is TEAM-0000):
## Notes for the reviewer
Anything important to call out? Be sure to also clarify these in your comments.
## How to test
Unit tests, playground, etc.
-->
<!-- start pr-codex -->
---
## PR-Codex overview
This PR modifies the `isValidEncodedRedirectPath` function to enhance its validation logic for decoded paths, ensuring they start with a single slash and belong to the `thirdweb.com` domain.
### Detailed summary
- Removed comments about decoding URI components and path validation.
- Added a check to ensure `decodedPath` starts with a single slash.
- Introduced a `URL` object to validate that the hostname is `thirdweb.com`.
- Simplified the return logic for invalid paths.
> ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`
<!-- end pr-codex -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai -->
## Summary by CodeRabbit
* **Bug Fixes**
* Enhanced login redirect validation to ensure redirects are properly verified and authenticated for the correct domain.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
0 commit comments