From 37a616d1f3ab9983e395905ff2d635ddb1fe5eac Mon Sep 17 00:00:00 2001
From: GareArc <garethcxy@dify.ai>
Date: Thu, 11 Jun 2026 00:36:37 -0700
Subject: [PATCH] fix(web): SSR crash on webapp-signin when redirect_url
 present
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

getShareCodeFromRedirectUrl read window.location.origin in the render
path of WebAppStoreProvider; since the app-shell bootstrap refactor
(#35394) this component server-renders, so any /webapp-signin visit
with a redirect_url param threw "window is not defined" and returned
a 500 error shell. That shell lacks the body dataset runtime env, so
the client fell back to localhost API defaults and the page dead-ended.

Parse with a placeholder base instead — only pathname is consumed.
---
 web/context/web-app-context.tsx | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/web/context/web-app-context.tsx b/web/context/web-app-context.tsx
index 2adaf16f59..98383d6bc2 100644
--- a/web/context/web-app-context.tsx
+++ b/web/context/web-app-context.tsx
@@ -55,7 +55,8 @@ export const useWebAppStore = create<WebAppStore>(set => ({
 const getShareCodeFromRedirectUrl = (redirectUrl: string | null): string | null => {
   if (!redirectUrl || redirectUrl.length === 0)
     return null
-  const url = new URL(`${window.location.origin}${decodeURIComponent(redirectUrl)}`)
+  // base only anchors relative-path parsing; never read back (SSR-safe)
+  const url = new URL(decodeURIComponent(redirectUrl), 'http://base.invalid')
   return url.pathname.split('/').pop() || null
 }
 const getShareCodeFromPathname = (pathname: string): string | null => {