fix: mark any callback url as valid if they contain a wildcard (#1006)

2025-12-10 23:22:57 +03:00 · 2025-10-07 08:18:53 +02:00
parent 694f266dea
commit cbf0e3117d
2 changed files with 7 additions and 7 deletions
--- a/backend/internal/dto/validations.go
+++ b/backend/internal/dto/validations.go
@@ -67,14 +67,12 @@ func ValidateClientID(clientID string) bool {

 // ValidateCallbackURL validates callback URLs with support for wildcards
 func ValidateCallbackURL(raw string) bool {
-	if raw == "*" {
+	// Don't validate if it contains a wildcard
+	if strings.Contains(raw, "*") {
 		return true
 	}

-	// Replace all '*' with 'x' to check if the rest is still a valid URI
-	test := strings.ReplaceAll(raw, "*", "x")
-
-	u, err := url.Parse(test)
+	u, err := url.Parse(raw)
 	if err != nil {
 		return false
 	}
--- a/frontend/src/lib/utils/zod-util.ts
+++ b/frontend/src/lib/utils/zod-util.ts
@@ -14,9 +14,11 @@ export const callbackUrlSchema = z
 	.nonempty()
 	.refine(
 		(val) => {
-			if (val === '*') return true;
+			if (val.includes('*')) {
+				return true;
+			}
 			try {
-				new URL(val.replace(/\*/g, 'x'));
+				new URL(val);
 				return true;
 			} catch {
 				return false;