fix: [IOPID-2490] Add correct check on whitelisted URLs

[Ladirico]

[!Note] This PR is related to this PR https://github.com/pagopa/io-app/pull/6421

Short description

As suggested by the security team in this PR, a more robust check has been added that checks the return url, checking both the protocol and hostname to see if it is whitelisted

Demo

| iOS unhappy and happy path | Android unhappy path (goldfish) | Android unhappy path (evil url) | Android happy path | | - | - | - | - | |

How to test UNHAPPY PATH

• run the application using the production environment
• if you're using an iOS follow the video and attach in safari this urls:
  • iologincie:https://idserver.servizicie.interno.gov.it.evilhacker.org
  • iologincie:https://it.wikipegia.org/wiki/File:Goldfish3.jpg
• if you're using an Android device you need to install on device a fake cieid app (you can send me a message and i can help you to create and install this application)

How to test HAPPY PATH

• install CieID app
• run IO application using the production environment
• test as you can see in Demo section

[pagopa-github-bot]

Affected stories

• 🐞 IOPID-2490: [APP] Mancato check su url ritornato dall'intent di risposta per CieID (iOS e Android) subtask of
  • ⚡ IOPID-1835: Evolutive - CIE ID L2

Generated by :no_entry_sign: dangerJS against b69e4966cff24a8949216542e172f813388a55fa

[codecov[bot]]

Codecov Report

Attention: Patch coverage is 12.50000% with 7 lines in your changes missing coverage. Please review.

Project coverage is 47.81%. Comparing base (4f204b4) to head (b69e496). Report is 768 commits behind head on master.

Files with missing lines	Patch %	Lines
...features/cieLogin/components/CieIdLoginWebView.tsx	12.50%	7 Missing :warning:

Additional details and impacted files

[](https://app.codecov.io/gh/pagopa/io-app/pull/6449?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pagopa) ```diff @@ Coverage Diff @@ ## master #6449 +/- ## ========================================== - Coverage 48.42% 47.81% -0.62% ========================================== Files 1488 1626 +138 Lines 31617 32593 +976 Branches 7669 7435 -234 ========================================== + Hits 15311 15584 +273 - Misses 16238 16966 +728 + Partials 68 43 -25 ``` | [Files with missing lines](https://app.codecov.io/gh/pagopa/io-app/pull/6449?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pagopa) | Coverage Δ | | |---|---|---| | [...features/cieLogin/components/CieIdLoginWebView.tsx](https://app.codecov.io/gh/pagopa/io-app/pull/6449?src=pr&el=tree&filepath=ts%2Ffeatures%2FcieLogin%2Fcomponents%2FCieIdLoginWebView.tsx&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pagopa#diff-dHMvZmVhdHVyZXMvY2llTG9naW4vY29tcG9uZW50cy9DaWVJZExvZ2luV2ViVmlldy50c3g=) | `63.06% <12.50%> (ø)` | | ... and [1687 files with indirect coverage changes](https://app.codecov.io/gh/pagopa/io-app/pull/6449/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pagopa) ------ [Continue to review full report in Codecov by Sentry](https://app.codecov.io/gh/pagopa/io-app/pull/6449?dropdown=coverage&src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pagopa). > **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pagopa) > `Δ = absolute (impact)`, `ø = not affected`, `? = missing data` > Powered by [Codecov](https://app.codecov.io/gh/pagopa/io-app/pull/6449?dropdown=coverage&src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pagopa). Last update [102c584...b69e496](https://app.codecov.io/gh/pagopa/io-app/pull/6449?dropdown=coverage&src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pagopa). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pagopa).

---

🚨 Try these New Features:

• Flaky Tests Detection - Detect and resolve failed and flaky tests
• JS Bundle Analysis - Avoid shipping oversized bundles