Use safe redirect after registration

enisn · enisn · commit a01adc58464d · 2025-10-30T10:22:53.000+03:00
Replaces direct Redirect with RedirectSafelyAsync after user registration to enhance security when handling return URLs.
diff --git a/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Register.cshtml.cs b/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Register.cshtml.cs
@@ -137,7 +137,7 @@ public virtual async Task<IActionResult> OnPostAsync()
                 await RegisterLocalUserAsync();
             }
 
-            return Redirect(ReturnUrl ?? "~/"); //TODO: How to ensure safety? IdentityServer requires it however it should be checked somehow!
+            return await RedirectSafelyAsync(ReturnUrl ?? "~/");
         }
         catch (BusinessException e)
         {

Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,7 @@ public virtual async Task<IActionResult> OnPostAsync()`
`137`	`137`	`await RegisterLocalUserAsync();`
`138`	`138`	`}`
`139`	`139`
`140`		`- return Redirect(ReturnUrl ?? "~/"); //TODO: How to ensure safety? IdentityServer requires it however it should be checked somehow!`
	`140`	`+ return await RedirectSafelyAsync(ReturnUrl ?? "~/");`
`141`	`141`	`}`
`142`	`142`	`catch (BusinessException e)`
`143`	`143`	`{`