From bbe2bbd4622c562798d75de87ab0633c66f0c1f1 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Wed, 21 Aug 2024 20:35:25 +0000
Subject: [PATCH] Fix a bug where basepath nextUrl is invalid when it should be
 valid (#2096)

* Fix a bug where basepath nextUrl is invalid when it should be valid

Signed-off-by: Derek Ho <dxho@amazon.com>

* Udpate test

Signed-off-by: Derek Ho <dxho@amazon.com>

---------

Signed-off-by: Derek Ho <dxho@amazon.com>
(cherry picked from commit b1148fb74956f7a3a84d38ad3d2f2300a959b8a6)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
---
 server/utils/next_url.test.ts | 5 +++++
 server/utils/next_url.ts      | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/server/utils/next_url.test.ts b/server/utils/next_url.test.ts
index 56f4b074..c90e2cd7 100644
--- a/server/utils/next_url.test.ts
+++ b/server/utils/next_url.test.ts
@@ -104,6 +104,11 @@ describe('test validateNextUrl', () => {
     expect(validateNextUrl(url, '')).toEqual(undefined);
   });
 
+  test('allow basePath', () => {
+    const url = '/osd';
+    expect(validateNextUrl(url, '/osd')).toEqual(undefined);
+  });
+
   test('allow dashboard url', () => {
     const url =
       '/_plugin/opensearch-dashboards/app/opensearch-dashboards#dashbard/dashboard-id?_g=(param=a&p=b)';
diff --git a/server/utils/next_url.ts b/server/utils/next_url.ts
index 9cc47adb..596aefd0 100644
--- a/server/utils/next_url.ts
+++ b/server/utils/next_url.ts
@@ -73,7 +73,7 @@ export function validateNextUrl(
     }
     const pathMinusBase = path.replace(bp, '');
     if (
-      !pathMinusBase.startsWith('/') ||
+      (pathMinusBase && !pathMinusBase.startsWith('/')) ||
       (pathMinusBase.length >= 2 && !/^\/[a-zA-Z_][\/a-zA-Z0-9-_]+$/.test(pathMinusBase))
     ) {
       return INVALID_NEXT_URL_PARAMETER_MESSAGE;