starred/pocket-id
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-06 09:13:19 +03:00
Code Issues 121 Packages Projects Releases 16 Wiki Activity

🐛 Bug Report: Trim operation is not performed on OIDC Callback URLs entry boxes #222

New Issue
Closed
opened 2025-10-07 00:06:23 +03:00 by OVERLORD · 1 comment
OVERLORD commented 2025-10-07 00:06:23 +03:00
Owner
Copy Link

Originally created by @Illuminati-Cow on GitHub.

Reproduction steps

  1. Create a callback URL with a space at the end
  2. Configure the client to use Pocket ID as an authenticator
  3. Sign in to Pocket ID and attempt to authenticate with the client
  4. Invalid Callback URL error

Expected behavior

The entry box should perform a trim operation at the very least, or a basic check for malformed URLs.

Actual Behavior

The URL with a space was accepted, and no warning was presented. Upon hitting the invalid callback, the appropriate error was presented.

Version and Environment

I performed additional testing, and the error only occurs if the malformed callback URL needs to be resolved. When putting spaces in unused callback URLs, no issue occurred. A trim operation on the URL entry boxes should cause no new issues and prevent user error.

Log Output

pocket-id | [GIN] 2025/05/13 - 07:09:25 | 400 | 967.791µs | 10.0.0.227 | POST "/api/oidc/authorize"
pocket-id | Error #01: invalid callback URL, it might be necessary for an admin to fix this

Originally created by @Illuminati-Cow on GitHub. ### Reproduction steps 1. Create a callback URL with a space at the end 2. Configure the client to use Pocket ID as an authenticator 3. Sign in to Pocket ID and attempt to authenticate with the client 4. Invalid Callback URL error ### Expected behavior The entry box should perform a trim operation at the very least, or a basic check for malformed URLs. ### Actual Behavior The URL with a space was accepted, and no warning was presented. Upon hitting the invalid callback, the appropriate error was presented. ### Version and Environment I performed additional testing, and the error only occurs if the malformed callback URL needs to be resolved. When putting spaces in unused callback URLs, no issue occurred. A trim operation on the URL entry boxes should cause no new issues and prevent user error. ### Log Output `pocket-id | [GIN] 2025/05/13 - 07:09:25 | 400 | 967.791µs | 10.0.0.227 | POST "/api/oidc/authorize"` `pocket-id | Error #01: invalid callback URL, it might be necessary for an admin to fix this`
OVERLORD added the bug label 2025-10-07 00:06:23 +03:00
OVERLORD commented 2025-10-07 00:06:26 +03:00
Author
Owner
Copy Link

@stonith404 commented on GitHub:

Thanks, this should be fixed in 207da2ac6a and will be released in v1.0.0.

@stonith404 commented on GitHub: Thanks, this should be fixed in 207da2ac6a0aa1d3bd441095af1b47595f341be2 and will be released in `v1.0.0`.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
breaking
bug
documentation
feature
needs more upvotes
open to pull requests
pull-request
Mirrored from GitHub Pull Request
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id#222
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?