authorjoonhoekim <26rote@gmail.com>2025-10-30 19:14:25 +0900
committerjoonhoekim <26rote@gmail.com>2025-10-30 19:14:25 +0900
commit1db30643d32619a352e759799a24e8f54b8137bf (patch)
tree400eb49c334b760fb5ccf27f26ab9f5a16eb9938 /app/api/auth/[...nextauth]
parent89eb494450a12fcbf58a88d7786152af5d83a8cf (diff)
(김준회) 멀티 도메인 로그아웃시 경로 문제 처리
Diffstat (limited to 'app/api/auth/[...nextauth]')
-rw-r--r--app/api/auth/[...nextauth]/route.ts27
1 files changed, 25 insertions, 2 deletions
diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index d6ec807f..58566cd6 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -449,12 +449,35 @@ export const authOptions: NextAuthOptions = {
},
async redirect({ url, baseUrl }) {
+ // 상대 경로인 경우 baseUrl과 결합
if (url.startsWith("/")) {
return `${baseUrl}${url}`;
}
- else if (new URL(url).origin === baseUrl) {
- return url;
+
+ // 절대 URL인 경우: 허용된 도메인 목록 확인
+ try {
+ const urlObj = new URL(url);
+ const allowedDomains = [
+ "shidataroom.com",
+ "partners.sevcp.com",
+ "sevcp.com",
+ "localhost" // 개발 환경
+ ];
+
+ // 허용된 도메인이면 그대로 반환
+ if (allowedDomains.includes(urlObj.hostname)) {
+ return url;
+ }
+
+ // 기존 로직: baseUrl과 origin이 같으면 허용
+ if (urlObj.origin === baseUrl) {
+ return url;
+ }
+ } catch {
+ console.error('Invalid redirect URL:', url);
}
+
+ // 허용되지 않은 URL은 baseUrl로 리다이렉트
return baseUrl;
},
},
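Review bot: The allow-list test `allowedDomains.includes(urlObj.hostname)` compares only the hostname, so a URL with any scheme or port passes if its host is on the list, and `"localhost"` is accepted in production as well as in development. The value returned by `redirect` is the post-sign-in/sign-out destination, so I would pin the scheme as well: `if (urlObj.protocol === "https:" && allowedDomains.includes(urlObj.hostname)) return url;`. I would also keep `"localhost"` in the list only when `process.env.NODE_ENV !== "production"`; a local dev server presumably still passes the `urlObj.origin === baseUrl` branch, but that should be confirmed. The list is rebuilt on every call and would read better as a module-level constant with a comment saying which deployment each domain belongs to. The enclosing `authOptions` object starts and ends outside this hunk.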