This repository was archived by the owner on Dec 22, 2023. It is now read-only.

This repository was archived by the owner on Dec 22, 2023. It is now read-only.

Ignore query and fragment in validating allowed callback URLs #1211

Closed

Assignees

louischan-oursky

opened

on Feb 13, 2020

The validation is doing exact string match. It is more useful if the provided callback URL is first with its query and fragment removed.

For example if http://localhost:3001/auth is allowed then the callback URL http://localhost:3001/auth?a=b should be allowed.

Metadata

Assignees

louischan-oursky

Labels

No labels

No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests