From 7cedae942a24b6354e0df8a630f1aeb3f3c96aab Mon Sep 17 00:00:00 2001
From: geido <diegopucci.me@gmail.com>
Date: Mon, 14 Feb 2022 13:57:14 +0000
Subject: [PATCH 1/2] Only redirect to relative paths

---
 .../superset-ui-core/src/connection/SupersetClientClass.ts    | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/superset-frontend/packages/superset-ui-core/src/connection/SupersetClientClass.ts b/superset-frontend/packages/superset-ui-core/src/connection/SupersetClientClass.ts
index 39d5022be8a0b..fa75148afe624 100644
--- a/superset-frontend/packages/superset-ui-core/src/connection/SupersetClientClass.ts
+++ b/superset-frontend/packages/superset-ui-core/src/connection/SupersetClientClass.ts
@@ -232,6 +232,8 @@ export default class SupersetClientClass {
   }
 
   redirectUnauthorized() {
-    window.location.href = `/login?next=${window.location.href}`;
+    window.location.href = `/login?next=${
+      window.location.pathname + window.location.search
+    }`;
   }
 }

From c5133cb232eecb118852aeb0afc7e1b16d6bcb89 Mon Sep 17 00:00:00 2001
From: geido <diegopucci.me@gmail.com>
Date: Mon, 14 Feb 2022 15:39:07 +0000
Subject: [PATCH 2/2] Fix redirect test

---
 .../test/connection/SupersetClientClass.test.ts       | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/superset-frontend/packages/superset-ui-core/test/connection/SupersetClientClass.test.ts b/superset-frontend/packages/superset-ui-core/test/connection/SupersetClientClass.test.ts
index 4efd4f43ca685..ae6ac138d5a67 100644
--- a/superset-frontend/packages/superset-ui-core/test/connection/SupersetClientClass.test.ts
+++ b/superset-frontend/packages/superset-ui-core/test/connection/SupersetClientClass.test.ts
@@ -501,11 +501,16 @@ describe('SupersetClientClass', () => {
 
   it('should redirect Unauthorized', async () => {
     const mockRequestUrl = 'https://host/get/url';
+    const mockRequestPath = '/get/url';
+    const mockRequestSearch = '?param=1&param=2';
     const { location } = window;
     // @ts-ignore
     delete window.location;
     // @ts-ignore
-    window.location = { href: mockRequestUrl };
+    window.location = {
+      pathname: mockRequestPath,
+      search: mockRequestSearch,
+    };
     const authSpy = jest
       .spyOn(SupersetClientClass.prototype, 'ensureAuth')
       .mockImplementation();
@@ -523,7 +528,9 @@ describe('SupersetClientClass', () => {
       error = err;
     } finally {
       const redirectURL = window.location.href;
-      expect(redirectURL).toBe(`/login?next=${mockRequestUrl}`);
+      expect(redirectURL).toBe(
+        `/login?next=${mockRequestPath + mockRequestSearch}`,
+      );
       expect(error.status).toBe(401);
     }