fix: incorrect denylist logic for redirects (#1897)

fern-api · Dec 14, 2024 · 4747959 · 4747959
1 parent ea440d0
commit 4747959
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/ui/docs-bundle/src/server/FernNextResponse.ts b/packages/ui/docs-bundle/src/server/FernNextResponse.ts
@@ -20,7 +20,7 @@ export class FernNextResponse {
         const allowedDomains = [getHostEdge(req), ...(allowedDestinations ?? []).map((url) => new URL(url).host)];
         const redirectLocation = new URL(destination);
 
-        if (!allowedDomains.includes(redirectLocation.host) || isBuildWithFern(redirectLocation.host)) {
+        if (!allowedDomains.includes(redirectLocation.host) && !isBuildWithFern(redirectLocation.host)) {
             // open redirect to unknown host detected:
             return new NextResponse(null, { status: 410 });
         }