vercel[bot]
commented
6 months ago The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| starter-kit | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Mar 6, 2024 9:46am |
karrui
The previous fix in #274 was not enough and there are some possible strings that could still bypass the
isRelativeUrlcheck. This PR adds in a new environment variableNEXT_PUBLIC_APP_URL(only required-ish on non-vercel deployments) to correctly ascertain that the URL to check is a relative URL, by comparing origins and ensuring both origins match.