Circular Links Not Blocked – Causes Infinite Redirects #2053
Description
Currently, the platform allows users to create short links that redirect to themselves, leading to an infinite redirection loop when accessed. This can cause usability issues and excessive browser resource consumption.
Steps to Reproduce
- Go to Dub.co or a self-hosted instance.
- Create a new short link with a custom alias, e.g.,
mytestlink. - Set the destination URL as the same short link:
https://dub.co/mytestlink. - Click "Create" and then access the generated link.
- The browser enters an infinite redirection loop.
Recording.2025-02-20.141313.1.mp4
Expected Behavior
- The system should detect circular references and prevent users from creating short links that redirect to themselves.
- The user should see an appropriate error message such as:
"You cannot shorten a link that redirects to itself." - The link should not be stored in the database.
Impact
- User Experience Issue: Infinite redirects can cause browser crashes.
- SEO Concerns: Search engines might flag the site for improper redirections.
- Potential Exploits: Users might misuse this for phishing attacks or abuse.
- Performance Overhead: Unnecessary redirects increase server load.
- Browser Stability Issues: Some browsers do not handle infinite redirects well and may crash, leading to a poor user experience for end users.
Proposed Solution
I would add a new check in apps/web/lib/api/links/process-link.ts, specifically in the processLink function, to detect circular URLs and return a proper error message before storing the link.
Would this be the right place to implement the fix, or would you recommend another approach?
If this issue is validated, I would be happy to submit a pull request with a fix. Let me know if this change is necessary, and I will proceed accordingly.