starred/pocket-id
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-17 01:11:38 +03:00
Code Issues 121 Packages Projects Releases 16 Wiki Activity

fix: callback URL doesn't get rejected if it starts with a different string

Browse Source
This commit is contained in:
Elias Schneider
2025-04-17 20:52:58 +02:00
parent 0111a58dac
commit f0dce41fbc
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/internal/service/oidc_service.go
View File

@@ -955,7 +955,7 @@ func (s *OidcService) getCallbackURL(urls []string, inputCallbackURL string) (ca
} }
for _, callbackPattern := range urls { for _, callbackPattern := range urls {
regexPattern := strings.ReplaceAll(regexp.QuoteMeta(callbackPattern), `\*`, ".*") + "$" regexPattern := "^" + strings.ReplaceAll(regexp.QuoteMeta(callbackPattern), `\*`, ".*") + "$"
matched, err := regexp.MatchString(regexPattern, inputCallbackURL) matched, err := regexp.MatchString(regexPattern, inputCallbackURL)
if err != nil { if err != nil {
return "", err return "", err