Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Local URL check prevents from redirecting to substore pages in some configurations #7433

Open
GaborFarkas opened this issue Nov 29, 2024 · 0 comments

Comments

@GaborFarkas
Copy link

nopCommerce version: 4.70+

Recently we solved an issue in a plugin which prevented us from redirecting to substores with returnUrl after signing in, and I think this quick fix might be also of your and the general user base's interest.

The issue is coming from checking if the redirect URL is local with the built-in IUrlHelper.IsLocalUrl method, which treats absolute URLs as foreign. The problem with this approach is if substores are hosted under subdomains or different domain names, this method fails to recognize them. Consequently, the logic redirects to the main store's home page instead of the expected destination.

Please consider adding a custom URL check to nopCommerce to recognize such configurations. If you like the idea then I would recommend putting something like this in WebHelper:

public async Task<bool> IsLocalUrlAsync(string url)
{
    IUrlHelper urlHelper = _urlHelperFactory.GetUrlHelper(_actionContextAccessor.ActionContext);
    if (urlHelper.IsLocalUrl(url))
        return true;
    // Absolute URL, check if it belongs to a local store
    IList<Store> stores = await _storeService.GetAllStoresAsync();
    foreach (Store store in stores)
    {
        string scheme = store.SslEnabled ? Uri.UriSchemeHttps : Uri.UriSchemeHttp;
        // Alternatively expose StoreService.ParseHostValues and use that.
        string[] hosts = store.Hosts.Split(',');
        if (hosts.Any(host => url.StartsWith($"{scheme}{Uri.SchemeDelimiter}{host}")))
        {
            return true;
        }
    }
    return false;
}

The WebHelper class can take an additional StoreService dependency. Then whenever a URL is checked with IsLocalUrl, like in SignInCustomerAsync, you can simply use this extended check instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants
  NODES
COMMUNITY 2
Idea 1
idea 1
Project 5
USERS 1