Ignore query and fragment in validating allowed callback URLs #1211

louischan-oursky · 2020-02-13T09:45:39Z

The validation is doing exact string match. It is more useful if the provided callback URL is first with its query and fragment removed.

For example if http://localhost:3001/auth is allowed then the callback URL http://localhost:3001/auth?a=b should be allowed.

The text was updated successfully, but these errors were encountered:

ref SkygearIO#1211

ref #1211

louischan-oursky self-assigned this Feb 17, 2020

louischan-oursky added a commit to louischan-oursky/skygear-server that referenced this issue Feb 17, 2020

Ignore query, fragment and trailing slash in validating callbackURL

456d896

ref SkygearIO#1211

louischan-oursky mentioned this issue Feb 17, 2020

Ignore query, fragment and trailing slash in validating callbackURL #1212

Merged

kiootic closed this as completed in #1212 Feb 17, 2020

louischan-oursky added a commit that referenced this issue Feb 24, 2020

Ignore query, fragment and trailing slash in validating callbackURL

ede73bd

ref #1211

louischan-oursky added a commit that referenced this issue Feb 25, 2020

Ignore query, fragment and trailing slash in validating callbackURL

dabf8a6

ref #1211

louischan-oursky added a commit that referenced this issue Feb 26, 2020

Ignore query, fragment and trailing slash in validating callbackURL

7f31bcb

ref #1211

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ignore query and fragment in validating allowed callback URLs #1211

Ignore query and fragment in validating allowed callback URLs #1211

louischan-oursky commented Feb 13, 2020

Ignore query and fragment in validating allowed callback URLs #1211

Ignore query and fragment in validating allowed callback URLs #1211

Comments

louischan-oursky commented Feb 13, 2020