
리다이렉트 납치 방지

This commit is contained in:
2026-01-20 15:27:35 +09:00
parent 4856801756
commit 20e848deb6


@@ -125,6 +125,11 @@ final _router = GoRouter(
_routerLogger.fine("Redirect check - Path: $path, IsLoggedIn: $isLoggedIn"); _routerLogger.fine("Redirect check - Path: $path, IsLoggedIn: $isLoggedIn");
// 0. ALWAYS allow /verify/ to proceed so it can signal the backend
if (path.startsWith('/verify/')) {
return null;
}
// If not logged in and trying to access a protected page, redirect to /login // If not logged in and trying to access a protected page, redirect to /login
if (!isLoggedIn && !isPublicPath) { if (!isLoggedIn && !isPublicPath) {
_routerLogger.info("Not logged in, redirecting to /login"); _routerLogger.info("Not logged in, redirecting to /login");
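Review bot: The new early return on `path.startsWith('/verify/')` sits before every authentication check, so any route under that prefix is now reachable without a session, and the added comment does not say that the verify screen must validate its own token. Since the second hunk also drops `/verify/` from the logged-in redirect, the prefix is now fully exempt from the redirect logic in both directions; I would make that explicit: `// 0. /verify/* bypasses all auth redirects (logged in or not): the verify route must validate its token itself` in place of the current line-16 comment. It may also be cleaner to fold this prefix into whatever defines `isPublicPath` rather than adding a separate pre-check, but that definition is outside the hunk so I cannot tell whether it already supports prefixes. The enclosing redirect callback starts before and ends after this hunk, and the rendered view appears to have dropped lines between the two hunks, so the `/login` return path is not visible here.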
@@ -132,7 +137,7 @@ final _router = GoRouter(
} }
// If logged in and trying to access login page, redirect to root (dashboard) // If logged in and trying to access login page, redirect to root (dashboard)
if (isLoggedIn && (path == '/login' || path.startsWith('/verify/'))) { if (isLoggedIn && path == '/login') {
_routerLogger.info("Logged in, redirecting to /"); _routerLogger.info("Logged in, redirecting to /");
return '/'; return '/';
} }