Mercurial Mercurial > prosody > prosody-modules / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_oauth2: Validate that redirect URIs are absolute
authorKim Alvefur <zash@zash.se>
Sat, 11 Mar 2023 22:25:22 +0100
changeset 5244 001908044d0d
parent 5243 8620a635106e
child 5245 65892dd1d4ae
mod_http_oauth2: Validate that redirect URIs are absolute
mod_http_oauth2/mod_http_oauth2.lua file | annotate | diff | comparison | revisions 
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sat Mar 11 22:30:58 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sat Mar 11 22:25:22 2023 +0100
@@ -602,7 +602,7 @@
 
 	for _, redirect_uri in ipairs(client_metadata.redirect_uris) do
 		local components = url.parse(redirect_uri);
-		if not components then
+		if not components or not components.scheme then
 			return oauth_error("invalid_request", "Invalid redirect URI.");
 		end
 	end
prosody-modules