mod_http_oauth2/mod_http_oauth2.lua
changeset 5482 af105c7a24b2
parent 5481 5986e0edd7a3
child 5483 30e2722c9fa3
--- a/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 14:17:58 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 14:25:11 2023 +0200
@@ -180,10 +180,6 @@
 local oob_uri = "urn:ietf:wg:oauth:2.0:oob";
 
 local loopbacks = set.new({ "localhost", "127.0.0.1", "::1" });
-local function is_secure_redirect(uri)
-	local u = url.parse(uri);
-	return u.scheme ~= "http" or loopbacks:contains(u.host);
-end
 
 local function oauth_error(err_name, err_desc)
 	return errors.new({
@@ -607,8 +603,7 @@
 -- the redirect_uri is missing or invalid. In those cases, we render an
 -- error directly to the user-agent.
 local function error_response(request, redirect_uri, err)
-	if not redirect_uri or not is_secure_redirect(redirect_uri) then
-		module:log("warn", "Missing or invalid redirect_uri %q, rendering error to user-agent", redirect_uri);
+	if not redirect_uri or redirect_uri == oob_uri then
 		return render_error(err);
 	end
 	local q = request.url.query and http.formdecode(request.url.query);
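Review bot: With the `is_secure_redirect` check gone, `error_response` only handles a missing or OOB `redirect_uri` locally and sends the error to any other value it is given, so its safety now depends entirely on callers passing a URI already matched against the client's registered redirect URIs. The callers are not visible in this hunk, so that precondition should be confirmed. The comment above the function still says errors are rendered directly when the URI is "missing or invalid", which no longer describes the condition; it could state the contract instead, e.g. `-- redirect_uri must already be validated against the client's registered URIs; only a missing or OOB URI is rendered here.` The removed `module:log("warn", ...)` was also the only trace of this path, so a `module:log("debug", "Rendering error to user-agent, redirect_uri=%q", redirect_uri);` before `render_error(err)` would keep it visible to operators. The function body continues outside the hunk.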