next-auth icon indicating copy to clipboard operation
next-auth copied to clipboard
verified publisher icon nextauthjs

fix(docs): explain `redirectTo` better

Open lpbonomi opened this issue 1 year ago • 4 comments

☕️ Reasoning

It tells the user that the redirectTo param should be a relative path and not an absolute URL.

🧢 Checklist

  • [x] Documentation
  • [ ] Tests
  • [x] Ready to be merged

🎫 Affected issues

Fixes https://github.com/nextauthjs/next-auth/issues/9592

📌 Resources

lpbonomi avatar Jan 25 '24 13:01 lpbonomi

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
auth-docs ❌ Failed (Inspect) May 19, 2024 0:18am
1 Ignored Deployment
Name Status Preview Comments Updated (UTC)
next-auth-docs ⬜️ Ignored (Inspect) Visit Preview May 19, 2024 0:18am

vercel[bot] avatar Jan 25 '24 13:01 vercel[bot]

Technically this is not true. You can use full/external URLs if you also modify the redirect() callback.

Which by default only allows relative URLs, or full URLs on the same domain.

See: https://github.com/nextauthjs/next-auth/blob/b3c7a6c3107cdae7a7735e18776ca14c27c445e8/packages/core/src/lib/init.ts#L38-L42

Could this be reflected in the comments maybe? A warning might be in place that redirecting to external sources might be dangerous if you don't control that other domain.

I feel like that's pretty convoluted. If someone is going through the trouble to modify this callback they probably understand this option as well.

Simplifying the explanation of the default, like in this PR, is enough imo

ndom91 avatar Feb 08 '24 21:02 ndom91

@lpbonomi is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

vercel[bot] avatar Feb 14 '24 14:02 vercel[bot]

@ndom91 I can't merge the PR. If this looks complete, please just go ahead and merge it. If not, I can put some more work on it

lpbonomi avatar Feb 14 '24 14:02 lpbonomi

Codecov Report

Attention: Patch coverage is 0% with 4 lines in your changes are missing coverage. Please review.

Project coverage is 38.74%. Comparing base (65d5947) to head (8fd90ae).

Files Patch % Lines
packages/next-auth/src/index.tsx 0.00% 4 Missing :warning:
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #9792   +/-   ##
=======================================
  Coverage   38.74%   38.74%           
=======================================
  Files         176      176           
  Lines       27887    27887           
  Branches     1217     1223    +6     
=======================================
  Hits        10804    10804           
  Misses      17083    17083

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar May 19 '24 12:05 codecov[bot]