(url: string | URL)
| 6 | * @throws Error if the URL has an unsafe protocol |
| 7 | */ |
| 8 | export function validateRedirectUrl(url: string | URL): void { |
| 9 | try { |
| 10 | const parsedUrl = new URL(url); |
| 11 | if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") { |
| 12 | throw new Error("Authorization URL must be HTTP or HTTPS"); |
| 13 | } |
| 14 | } catch (error) { |
| 15 | if ( |
| 16 | error instanceof Error && |
| 17 | error.message === "Authorization URL must be HTTP or HTTPS" |
| 18 | ) { |
| 19 | throw error; |
| 20 | } |
| 21 | // If URL parsing fails, it's also invalid |
| 22 | throw new Error(`Invalid URL: ${url}`); |
| 23 | } |
| 24 | } |
no outgoing calls
no test coverage detected
searching dependent graphs…