parse-community · mtrezza · Oct 29, 2025 · Oct 29, 2025 · Oct 29, 2025
diff --git a/Parse-Dashboard/Authentication.js b/Parse-Dashboard/Authentication.js
@@ -77,6 +77,7 @@ function initialize(app, options) {
     (req,res,next) => {
       let redirect = 'apps';
       if (req.body.redirect) {
+        // Strip leading slash from redirect to prevent double slashes
         redirect = req.body.redirect.charAt(0) === '/' ? req.body.redirect.substring(1) : req.body.redirect
       }
       return passport.authenticate('local', {

diff --git a/Parse-Dashboard/app.js b/Parse-Dashboard/app.js
@@ -1062,8 +1062,12 @@ You have direct access to the Parse database through function calls, so you can
     }
 
     app.get('/login', csrf(), function(req, res) {
-      const redirectURL = req.url.includes('?redirect=') && req.url.split('?redirect=')[1].length > 1 && req.url.split('?redirect=')[1];
+      let redirectURL = req.url.includes('?redirect=') && req.url.split('?redirect=')[1].length > 1 && req.url.split('?redirect=')[1];
       if (!users || (req.user && req.user.isAuthenticated)) {
+        // Strip leading slash from redirect to prevent double slashes or malformed URLs
+        if (redirectURL && redirectURL.charAt(0) === '/') {
+          redirectURL = redirectURL.substring(1);
+        }
         return res.redirect(`${mountPath}${redirectURL || 'apps'}`);
       }