Skip to content

Commit

Permalink
🚑 disallow redirecting landing page
Browse files Browse the repository at this point in the history
  • Loading branch information
@danyx23
danyx23 committed Aug 5, 2024
1 parent 971913e commit b2fa810
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 0 deletions.
4 changes: 4 additions & 0 deletions adminSiteClient/SiteRedirectsIndexPage.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,10 @@ export default function SiteRedirectsIndexPage() {
if (value === source) {
return "Source and target cannot be the same."
}
const sourceUrl = new URL(source, "https://ourworldindata.org")
if (sourceUrl.pathname === "/") {
return "Source cannot be the root."
}
return undefined
}

Expand Down
3 changes: 3 additions & 0 deletions adminSiteServer/apiRouter.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1555,6 +1555,9 @@ postRouteWithRWTransaction(
"/site-redirects/new",
async (req: Request, res, trx) => {
const { source, target } = req.body
const sourceAsUrl = new URL(source, "https://ourworldindata.org")
if (sourceAsUrl.pathname === "/")
throw new JsonError("Cannot redirect from /", 400)
if (await redirectWithSourceExists(trx, source)) {
throw new JsonError(
`Redirect with source ${source} already exists`,
Expand Down

0 comments on commit b2fa810

Please sign in to comment.