isPermittedRedirect function
Check if a redirect is permitted.
Implementation
bool isPermittedRedirect(Uri original, Uri redirect) {
// Must maintain same protocol
if (original.scheme != redirect.scheme) return false;
// No credentials in redirect
if (redirect.userInfo.isNotEmpty) return false;
// Same port
if (original.port != redirect.port) return false;
// Hostname can only differ by www prefix
final origHost = original.host.toLowerCase();
final redirHost = redirect.host.toLowerCase();
if (origHost != redirHost) {
final origWithoutWww = origHost.startsWith('www.')
? origHost.substring(4)
: origHost;
final redirWithoutWww = redirHost.startsWith('www.')
? redirHost.substring(4)
: redirHost;
if (origWithoutWww != redirWithoutWww) return false;
}
return true;
}