From a01adc58464d278ca817c4bbb6cbce30f155d0d1 Mon Sep 17 00:00:00 2001
From: enisn
Date: Thu, 30 Oct 2025 10:22:53 +0300
Subject: [PATCH] Use safe redirect after registration

Replaces direct Redirect with RedirectSafelyAsync after user registration to enhance security when handling return URLs.
---
 .../src/Volo.Abp.Account.Web/Pages/Account/Register.cshtml.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Register.cshtml.cs b/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Register.cshtml.cs
index c481715a16..c61e31426a 100644
--- a/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Register.cshtml.cs
+++ b/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Register.cshtml.cs
@@ -137,7 +137,7 @@ public class RegisterModel : AccountPageModel
 await RegisterLocalUserAsync();
 }
 
- return Redirect(ReturnUrl ?? "~/"); //TODO: How to ensure safety? IdentityServer requires it however it should be checked somehow!
+ return await RedirectSafelyAsync(ReturnUrl ?? "~/");
 }
 catch (BusinessException e)
 {
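Review bot: The patch touches one file and adds no test, so nothing here pins the behaviour that an off-site `ReturnUrl` is no longer followed at the new `return await RedirectSafelyAsync(ReturnUrl ?? "~/");` line. `RedirectSafelyAsync` is defined outside this hunk, so what it accepts (local paths only, or an allow-list of origins) cannot be confirmed from the visible lines. Since the removed TODO was the only record of the concern, a replacement comment at the call would keep the intent visible, for example `// ReturnUrl is presumably request-supplied; RedirectSafelyAsync validates it before redirecting`. A regression test that registers with an absolute external `ReturnUrl` and asserts the response location stays on the application would cover the fix. The enclosing handler starts and ends outside the hunk, so any other use of `ReturnUrl` in it should be checked for the same helper.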