From 098a9ca22f723e53df5d0691404f4e50a5a9f9db Mon Sep 17 00:00:00 2001
From: Nicki Derrick
Date: Tue, 9 Sep 2025 17:58:33 +0100
Subject: [PATCH 1/4] CCM-10814 Use Next redirect to avoid preloading templates
---
 .../src/__tests__/app/signin/route.test.ts | 24 +++++++++----------
 frontend/src/app/signin/route.ts | 7 +-----
 2 files changed, 13 insertions(+), 18 deletions(-)
diff --git a/frontend/src/__tests__/app/signin/route.test.ts b/frontend/src/__tests__/app/signin/route.test.ts
index 7e640189..3b8dadab 100644
--- a/frontend/src/__tests__/app/signin/route.test.ts
+++ b/frontend/src/__tests__/app/signin/route.test.ts
@@ -13,6 +13,8 @@ jest.mock('@/utils/amplify-utils');
 jest.mock('@/utils/csrf-utils');
 jest.mock('next/headers');
+const baseUrl = 'https://test';
+
 test('returns redirect', async () => {
 jest.mocked(getSessionId).mockResolvedValue('session-id');
 jest.mocked(generateSessionCsrfToken).mockResolvedValue('csrf');
@@ -23,7 +25,7 @@ test('returns redirect', async () => {
 });
 jest.mocked(cookies).mockResolvedValue(cookiesMock);
- const request = new NextRequest('https://test?redirect=/redirect-url');
+ const request = new NextRequest(`${baseUrl}?redirect=/redirect-url`);
 const response = await GET(request);
 expect(cookieSetMock).toHaveBeenCalledWith('csrf_token', 'csrf', {
@@ -31,7 +33,7 @@ test('returns redirect', async () => {
 secure: true,
 });
 expect(response.status).toEqual(307);
- expect(response.headers.get('Location')).toEqual('/redirect-url');
+ expect(response.headers.get('Location')).toEqual(`${baseUrl}/redirect-url`);
 });
 test('returns redirect - sanitizes redirect path', async () => {
@@ -39,11 +41,11 @@ test('returns redirect - sanitizes redirect path', async () => { jest.mocked(generateSessionCsrfToken).mockResolvedValue('csrf'); jest.mocked(cookies).mockResolvedValue(mockDeep()); - const request = new NextRequest('https://test?redirect=redirect-url'); // no leading slash in redirect search param value + const request = new NextRequest(`${baseUrl}?redirect=redirect-url`); const response = await GET(request); expect(response.status).toEqual(307); - expect(response.headers.get('Location')).toEqual('/redirect-url'); + expect(response.headers.get('Location')).toEqual(`${baseUrl}/redirect-url`); }); test('returns redirect to /templates/message-templates if no redirect given', async () => { @@ -51,12 +53,12 @@ test('returns redirect to /templates/message-templates if no redirect given', as jest.mocked(generateSessionCsrfToken).mockResolvedValue('csrf'); jest.mocked(cookies).mockResolvedValue(mockDeep({})); - const request = new NextRequest('https://test'); + const request = new NextRequest(baseUrl); const response = await GET(request); expect(response.status).toEqual(307); expect(response.headers.get('Location')).toEqual( - '/templates/message-templates' + `${baseUrl}/templates/message-templates` ); }); @@ -65,13 +67,12 @@ test('returns redirect to /auth if no session detected', async () => { const cookiesMock = mockDeep(); jest.mocked(cookies).mockResolvedValue(cookiesMock); - const request = new NextRequest('https://test'); + const request = new NextRequest(baseUrl); const response = await GET(request); expect(cookiesMock.delete).toHaveBeenCalledWith('csrf_token'); - expect(response.status).toEqual(307); - expect(response.headers.get('Location')).toEqual('/auth'); + expect(response.headers.get('Location')).toEqual(`${baseUrl}/auth`); }); test('retains redirect search param on /auth redirect', async () => { 
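Review bot: The rewritten request line in the 'sanitizes redirect path' test drops the trailing comment `// no leading slash in redirect search param value`, which was the only statement of what this case exercises; please keep it on the new line. Now that Location is asserted as an absolute URL, this test is also the natural home for a case where the `redirect` value would resolve to a different host, asserting that Location still starts with `baseUrl`. The visible cases cover only same-host paths, so the tests would not catch a regression in the sanitiser that lets the redirect leave the site.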
@@ -79,13 +80,12 @@ test('retains redirect search param on /auth redirect', async () => { const cookiesMock = mockDeep(); jest.mocked(cookies).mockResolvedValue(cookiesMock); - const request = new NextRequest('https://test?redirect=/redirect-path'); + const request = new NextRequest(`${baseUrl}?redirect=/redirect-path`); const response = await GET(request); expect(cookiesMock.delete).toHaveBeenCalledWith('csrf_token'); - expect(response.status).toEqual(307); expect(response.headers.get('Location')).toEqual( - '/auth?redirect=%2Fredirect-path' + `${baseUrl}/auth?redirect=%2Fredirect-path` ); }); diff --git a/frontend/src/app/signin/route.ts b/frontend/src/app/signin/route.ts index 7ae2474d..220073c3 100644 --- a/frontend/src/app/signin/route.ts +++ b/frontend/src/app/signin/route.ts @@ -34,10 +34,5 @@ export const GET = async (request: NextRequest) => { } } - return NextResponse.json(null, { - status: 307, - headers: { - Location: redirectPath, - }, - }); + return NextResponse.redirect(new URL(redirectPath, request.url), 307); }; From 77bbbb9105cde5a8a500e8ab827d38596b516ae1 Mon Sep 17 00:00:00 2001 From: Nicki Derrick Date: Fri, 19 Sep 2025 10:28:02 +0100 Subject: [PATCH 2/4] CCM-10814 Update redirect --- frontend/src/app/signin/route.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/frontend/src/app/signin/route.ts b/frontend/src/app/signin/route.ts index 220073c3..d45e0614 100644 --- a/frontend/src/app/signin/route.ts +++ b/frontend/src/app/signin/route.ts @@ -34,5 +34,7 @@ export const GET = async (request: NextRequest) => { } } - return NextResponse.redirect(new URL(redirectPath, request.url), 307); + const redirectUrl = new URL(request.url); + redirectUrl.pathname = redirectPath; + return NextResponse.redirect(redirectUrl, 307); }; From c2d93fea967574ed3021f4803fd8616b2fadfc8c Mon Sep 17 00:00:00 2001 From: Nicki Derrick Date: Mon, 22 Sep 2025 16:00:49 +0100 Subject: [PATCH 3/4] CCM-10814 empty commit 
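Review bot: `new URL(redirectPath, request.url)` resolves its first argument as a URL reference, so in the new return statement a `redirectPath` that begins with two slashes, or is itself an absolute URL, produces a target on another host and the 307 becomes an off-site redirect. How `redirectPath` is sanitised lies outside this hunk, and the tests only show a missing leading slash being added, so please confirm such values are rejected before this line. A cheap guard at this point is to build the URL first and fall back to the default path when `target.origin !== request.nextUrl.origin`, then call `NextResponse.redirect(target, 307)`. The same applies to the `new URL(redirectPath, request.nextUrl.origin)` form in PATCH 4/4. GET's body starts outside the hunk.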
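Review bot: Copying `request.url` and assigning only `pathname` keeps the incoming query string, so the redirect target would still carry `?redirect=…`, and any `?` or `#` inside `redirectPath` is percent-encoded into the path instead of being treated as query or fragment. The test file is untouched in PATCH 2/4, and its expectations from PATCH 1/4 (for example `${baseUrl}/redirect-url`) would not match that output as far as these hunks show. If this form is kept, add `redirectUrl.search = '';` after the copy. On the positive side, assigning `pathname` cannot change the host, which the `new URL(redirectPath, base)` forms in PATCH 1/4 and PATCH 4/4 do not guarantee.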
From e887222f25da86be0db051f2bfd232fb7bf6a145 Mon Sep 17 00:00:00 2001
From: Nicki Derrick
Date: Mon, 22 Sep 2025 16:44:04 +0100
Subject: [PATCH 4/4] CCM-10814 Update redirect
---
 frontend/src/app/signin/route.ts | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/frontend/src/app/signin/route.ts b/frontend/src/app/signin/route.ts
index d45e0614..bea35271 100644
--- a/frontend/src/app/signin/route.ts
+++ b/frontend/src/app/signin/route.ts
@@ -34,7 +34,8 @@ export const GET = async (request: NextRequest) => {
 }
 }
- const redirectUrl = new URL(request.url);
- redirectUrl.pathname = redirectPath;
- return NextResponse.redirect(redirectUrl, 307);
+ return NextResponse.redirect(
+ new URL(redirectPath, request.nextUrl.origin),
+ 307
+ );
 };
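Review bot: Nothing in the patch records why the base moved to `request.nextUrl.origin`, and this is the third form of this return in the series under a subject ("Update redirect") shared with PATCH 2/4, so the intent will be hard to recover later. A one-line comment above the return stating what the base must be, and why the request path and query are deliberately left out of it, would help. No test changes accompany this patch, so it is worth confirming the PATCH 1/4 expectations still pass. If the app runs behind a proxy, also confirm that this origin is the public one clients should be sent to; that is an assumption about the deployment, not something visible here.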