Validation Process of Redirect #1102

New issue

Open

opened 2026-02-20 14:11:05 -05:00 by deekerman · 0 comments

deekerman commented

2026-02-20 14:11:05 -05:00

Owner

Originally created by @DanCue44 on GitHub (Jan 28, 2026).

Is your feature request related to a problem? Please describe.
I'm working on a dashboard that is currently housed in the PiKVM. I navigate to [domain].ts.net/pikvm_dashboard.html and then it prompts me to authenticate. Instead of taking me to the page it will redirect to your main page. This is because PiKVM's authentication system redirects back to the default page (usually /) after login, not to the page originally navigated to.

Describe the solution you'd like
Either allow whitelist of user-specified URLs or allow user to select redirect behavior. Instead of redirecting to /, allow option to redirect to original page they were navigating to.

Describe alternatives you've considered
Either of the above options would do. Option to choose redirect behavior would be simplest from a user perspective, but allowing whitelist of user-specified URLs would work. The end user would just need to know they had to enter HTML like I have below. The positive of this approach is that the user can make their login form look how they want it to look.

Additional context
Here is the bit of code I was using:

    <!-- Login Modal -->
    <div id="loginModal" class="modal" style="display: none;">
        <div class="modal-content">
            <div class="modal-title">🔐 PiKVM Authentication</div>
            <div class="modal-text">Please log in to access the Control Dashboard</div>
            <form method="POST" action="/api/auth/login">
                <input type="text" class="config-input" name="user" id="login-username" placeholder="Username" required autocomplete="username">
                <input type="password" class="config-input" name="passwd" id="login-password" placeholder="Password" required autocomplete="current-password">
                <input type="hidden" name="expire" value="0">
                <input type="hidden" name="redirect" value="/pikvm-dashboard.html">
                <button type="submit" class="btn-save">Login</button>
            </form>
        </div>
    </div>

Originally created by @DanCue44 on GitHub (Jan 28, 2026). **Is your feature request related to a problem? Please describe.** I'm working on a dashboard that is currently housed in the PiKVM. I navigate to [domain].ts.net/pikvm_dashboard.html and then it prompts me to authenticate. Instead of taking me to the page it will redirect to your main page. This is because PiKVM's authentication system redirects back to the default page (usually /) after login, not to the page originally navigated to. **Describe the solution you'd like** Either allow whitelist of user-specified URLs or allow user to select redirect behavior. Instead of redirecting to /, allow option to redirect to original page they were navigating to. **Describe alternatives you've considered** Either of the above options would do. Option to choose redirect behavior would be simplest from a user perspective, but allowing whitelist of user-specified URLs would work. The end user would just need to know they had to enter HTML like I have below. The positive of this approach is that the user can make their login form look how they want it to look. **Additional context** Here is the bit of code I was using: ```  <div id="loginModal" class="modal" style="display: none;"> <div class="modal-content"> <div class="modal-title">🔐 PiKVM Authentication</div> <div class="modal-text">Please log in to access the Control Dashboard</div> <form method="POST" action="/api/auth/login"> <input type="text" class="config-input" name="user" id="login-username" placeholder="Username" required autocomplete="username"> <input type="password" class="config-input" name="passwd" id="login-password" placeholder="Password" required autocomplete="current-password"> <input type="hidden" name="expire" value="0"> <input type="hidden" name="redirect" value="/pikvm-dashboard.html"> <button type="submit" class="btn-save">Login</button> </form> </div> </div> ```