fix: stop query params persisting across page navigation (#333)

Author: mokhld

src/server/plugins/engine/helpers.test.ts

@@ -228,6 +228,18 @@ describe('Helpers', () => {
         expect(h.redirect).not.toHaveBeenCalledWith(request.query.returnUrl)
       }
     )
+
+    it('should not forward custom query params to the next page URL', () => {
+      request = {
+        ...request,
+        method: 'post',
+        query: { parcelId: 'SD5848-9205' }
+      }
+
+      proceed(request, h, '/test/next-page')
+
+      expect(h.redirect).toHaveBeenCalledWith('/test/next-page')
+    })
   })
 
   describe('encodeUrl', () => {

src/server/plugins/engine/helpers.ts

@@ -22,7 +22,6 @@ import {
 } from '~/src/server/plugins/engine/components/helpers/components.js'
 import { type FormModel } from '~/src/server/plugins/engine/models/FormModel.js'
 import { type PageControllerClass } from '~/src/server/plugins/engine/pageControllers/helpers/pages.js'
-import { stripParam } from '~/src/server/plugins/engine/pageControllers/helpers/state.js'
 import {
   type AnyFormRequest,
   type FormContext,
@@ -134,7 +133,7 @@ export function proceed(
   const response =
     isReturnAllowed && isPathRelative(returnUrl)
       ? h.redirect(returnUrl)
-      : h.redirect(redirectPath(nextUrl, stripParam(query, 'returnUrl')))
+      : h.redirect(redirectPath(nextUrl))
 
   // Redirect POST to GET to avoid resubmission
   return method === 'post'