fix: [UIE-10136] - Fix Open Re-direction vulnerability in Account Cancel flow. #13400

Merged
tanushree-akamai merged 3 commits into linode:develop from tanushree-akamai:feature/UIE-10136-open-redirection-vuln
Feb 18, 2026

@tanushree-akamai
Contributor

Description 📝

Fix Open Redirect Vulnerability in Account Cancellation.

Changes 🔄

  • Implement CRUD MSW mocks for account/close endpoint
  • Eliminate survey link data exposure via query parameters
  • Secure data by passing through router state instead

Scope 🚢

Upon production release, changes in this PR will be visible to:

  • All customers
  • Some customers (e.g. in Beta or Limited Availability)
  • No customers / Not applicable

Target release date 🗓️

Feb 2026

Preview 📷

Before: [Screenshot 2026-02-13 at 9 05 18 PM]
After: [Screenshot 2026-02-13 at 9 02 36 PM]

https://github.com/user-attachments/assets/c26d6ba6-f7f8-4f6a-8cb7-c2d627c801f7
Attached Video with steps to verify the issue.

How to test 🧪

Prerequisites

  • Open DevTools Panel
  • In DevTools Panel, enable CRUD MSW
  • Navigate to "User Permissions" section
  • Select "Custom User Account Permissions"
  • Click "Edit" to modify permissions
  • Update the permissions array to include lock permissions:
    [ "view_account_settings", "cancel_account" ]

Verification steps

  • Click the Account link in the sidebar.
  • Click the Account settings option.
  • Under the Close Account panel, click the Close Account button.
  • A confirmation form appears. Enter your Linode username in the first field and optionally enter any comments you'd like to leave in the second field
  • Click the Close Account button to complete your account cancellation.
  • Observe there are no queryParams in the URL.
  • Click on Take this survey; it navigates to a mock URL.

Author Checklists

As an Author, to speed up the review process, I considered 🤔

👀 Doing a self review
❔ Our contribution guidelines
🤏 Splitting feature into small PRs
➕ Adding a changeset
🧪 Providing/improving test coverage
🔐 Removing all sensitive information from the code and PR description
🚩 Using a feature flag to protect the release
👣 Providing comprehensive reproduction steps
📑 Providing or updating our documentation
🕛 Scheduling a pair reviewing session
📱 Providing mobile support
♿ Providing accessibility support


  • I have read and considered all applicable items listed above.

As an Author, before moving this PR from Draft to Open, I confirmed ✅

  • All tests and CI checks are passing
  • TypeScript compilation succeeded without errors
  • Code passes all linting rules

@tanushree-akamai tanushree-akamai self-assigned this Feb 13, 2026
@tanushree-akamai tanushree-akamai requested a review from a team as a code owner February 13, 2026 16:02
@tanushree-akamai tanushree-akamai added the Security Pull requests that address a security vulnerability label Feb 13, 2026
@linode-gh-bot
Collaborator

Cloud Manager UI test results

🔺 1 failing test on test run #3 ↗︎

❌ Failing | ✅ Passing | ↪️ Skipped | 🕐 Duration
1 Failing | 865 Passing | 11 Skipped | 41m 55s

Details

Failing Tests
Spec | Test
vpc-details-page.spec.ts | Cloud Manager Cypress Tests → VPC details page » can create, edit, and delete a subnet from the VPC details page

Troubleshooting

Use this command to re-run the failing tests:

pnpm cy:run -s "cypress/e2e/core/vpc/vpc-details-page.spec.ts"

Contributor

@harsh-akamai harsh-akamai left a comment

Thanks @tanushree-akamai 🚀

@github-project-automation github-project-automation bot moved this from Review to Approved in Cloud Manager Feb 18, 2026
@harsh-akamai harsh-akamai added the Approved Multiple approvals and ready to merge! label Feb 18, 2026
@tanushree-akamai tanushree-akamai merged commit 98709a9 into linode:develop Feb 18, 2026
34 of 35 checks passed
@github-project-automation github-project-automation bot moved this from Approved to Merged in Cloud Manager Feb 18, 2026
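
The change the PR description lists (survey link taken out of query parameters and passed through router state), sketched as an added example that is not code from this PR or from Cloud Manager. The `survey_link` parameter name, the `surveyLink` state key, the allowlisted host and the sample URLs are assumptions, and the host allowlist is an extra check this example adds.

```javascript
// Added example. Names and hosts below are assumptions, not the PR's code.
const ALLOWED_SURVEY_HOSTS = new Set(['survey.example.com']);

// "Before" pattern: the landing page trusts a link carried in its own URL,
// so whoever crafts the /cancel?... link decides where the button leads.
function surveyLinkFromQuery(pageUrl) {
  return new URL(pageUrl).searchParams.get('survey_link');
}

// Navigation issued after the account-close API call succeeds: the link
// travels in in-memory router state and the target URL has no query string.
function navigationAfterClose(apiResponse) {
  return { to: '/cancel', search: '', state: { surveyLink: apiResponse.survey_link } };
}

// "After" pattern: read the link from router state only. A direct visit to
// /cancel carries no state, so there is nothing attacker-supplied to follow.
// The scheme and host checks are defense in depth added by this example.
function surveyLinkFromState(routerState) {
  const candidate = routerState && routerState.surveyLink;
  if (typeof candidate !== 'string') return null;
  let parsed;
  try {
    parsed = new URL(candidate); // relative or malformed values throw
  } catch {
    return null;
  }
  if (parsed.protocol !== 'https:') return null;
  if (!ALLOWED_SURVEY_HOSTS.has(parsed.hostname)) return null;
  return parsed.href;
}

// Constructed sample inputs.
const craftedUrl =
  'https://app.example.com/cancel?survey_link=https%3A%2F%2Fevil.example.net%2Flogin';
const apiResponse = { survey_link: 'https://survey.example.com/s/abc123' };

const nav = navigationAfterClose(apiResponse);
console.log('query-param pattern yields:', surveyLinkFromQuery(craftedUrl));
console.log('router-state pattern yields:', surveyLinkFromState(nav.state));
console.log('direct visit, no state:', surveyLinkFromState(undefined));
```
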
Labels

Approved Multiple approvals and ready to merge!
Security Pull requests that address a security vulnerability

Projects

Status: Merged

4 participants