Prerequisites
Please answer the following questions before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.
- What is your product version? 11.2
- What is your product type (Angular or MVC)? MVC
- What is product framework type (.net framework or .net core)? .net core
Hi,
We have noticed that the account controller normaliseurl function is stripping out our return url if the user is logged in. This appears to be a change between 8.8 and 11.2. This is causing an issue for us as any returnurl on login does not work if the user is alreay loggedin. This scenario happens for our users when they click on an email and directed to a browser where they are already logged in.
We have removed the following code as it is causing a significiant production issue. But we would like to know if there is an impace somewhere else in theh system we should be aware off.
if (AbpSession.UserId.HasValue) { return defaultValueBuilder(); }
`
private string NormalizeReturnUrl(string returnUrl, Func
if (returnUrl.IsNullOrEmpty())
{
return defaultValueBuilder();
}
if (AbpSession.UserId.HasValue)
{
return defaultValueBuilder();
}
if (Url.IsLocalUrl(returnUrl) || _webUrlService.GetRedirectAllowedExternalWebSites().Any(returnUrl.Contains))
{
return returnUrl;
}
return defaultValueBuilder();
}`
2 Answer(s)
-
0
Hi,
It seems like this is the reason for that change https://github.com/aspnetzero/aspnet-zero-core/issues/3740, but your case also seems a valid use case. We will think of a better solution for this. Please follow https://github.com/aspnetzero/aspnet-zero-core/issues/4620
-
0
Hi,
We are working on this issue. Could you share a sample URL for scenario below ?
This scenario happens for our users when they click on an email and directed to a browser where they are already logged in.
Thanks,
