Code Room
Code review (Hard)
Question
Review this Node post-login redirect that already rejects `//` and absolute URLs.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
```javascript
app.get('/login/callback', async (req, res) => {
  const user = await exchangeCode(req.query.code);
  if (!user) return res.redirect('/login?error=1');
  req.session.userId = user.id;
  const next = req.query.next || '/';
  if (!next.startsWith('/') || next.startsWith('//')) {
    return res.redirect('/');
  }
  res.redirect(next);
});
```
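One concrete fix a reviewer could propose, as an added example that is not part of the exercise: the route's prefix check is set beside a hardened validator that type-checks `next`, rejects characters a WHATWG URL parser rewrites, and compares the parsed origin. `BASE`, `prefixCheck`, `resolvedHost` and `safeRedirectTarget` are hypothetical names, and the inputs are constructed samples.

```javascript
// Added example (not the exercise's code). BASE is a constructed placeholder origin.
const BASE = 'https://app.invalid';

// The prefix check from the route above, extracted so it can be compared.
function prefixCheck(next) {
  if (!next.startsWith('/') || next.startsWith('//')) return '/';
  return next;
}

// Host that a WHATWG URL parser (Node's URL, and browsers) resolves the value to.
function resolvedHost(next) {
  return new URL(next, BASE).host;
}

// Hardened variant: type check, character rejection, then origin comparison.
function safeRedirectTarget(next, fallback = '/') {
  // Repeated or bracketed query keys arrive as arrays/objects, which have no startsWith().
  if (typeof next !== 'string' || next === '') return fallback;
  // The URL parser reads '\' as '/' and drops tab/newline, so a value can
  // pass a string prefix check and still resolve to "//host".
  if (/[\u0000-\u001f\u007f\\]/.test(next)) return fallback;
  if (!next.startsWith('/') || next.startsWith('//')) return fallback;
  let url;
  try {
    url = new URL(next, BASE);
  } catch {
    return fallback;
  }
  // Final authority: the parsed result must stay on our own origin.
  if (url.origin !== BASE) return fallback;
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs.
const samples = ['/dashboard?tab=1', '//example.org', '/\\example.org', '/\t/example.org', ['/a']];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeRedirectTarget(s));
}
```

In the route, `safeRedirectTarget(req.query.next)` would replace both the `|| '/'` default and the `startsWith` test.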