Mercurial > prosody-modules
annotate mod_http_oauth2/html/oob.html @ 5548:fd3c12c40cd9
mod_http_oauth2: Disable CORS for authorization endpoint
Per recommendation in draft-ietf-oauth-security-topics-23
Hopefully it is enough to return an error status, since mod_http will
add CORS headers from a handler with higher priority, even for OPTIONS.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 16 Jun 2023 00:05:57 +0200 |
parents | f5931ce9b6ca |
children | 8de02381e80a |
rev | line source |
---|---|
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
1 <!DOCTYPE html> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
2 <html> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
3 <head> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 <meta charset="utf-8"> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
5 <meta name="viewport" content="width=device-width, initial-scale=1" /> |
5495
7998b49d6512
mod_http_oauth2: Create proper template for OOB code delivery
Kim Alvefur <zash@zash.se>
parents:
5208
diff
changeset
|
6 <title>{site_name} - Authorization Code</title> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 <link rel="stylesheet" href="style.css"> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 </head> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 <body> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 <main> |
5495
7998b49d6512
mod_http_oauth2: Create proper template for OOB code delivery
Kim Alvefur <zash@zash.se>
parents:
5208
diff
changeset
|
11 <h1>{site_name}</h1> |
7998b49d6512
mod_http_oauth2: Create proper template for OOB code delivery
Kim Alvefur <zash@zash.se>
parents:
5208
diff
changeset
|
12 <h2>Your Authorization Code</h2> |
7998b49d6512
mod_http_oauth2: Create proper template for OOB code delivery
Kim Alvefur <zash@zash.se>
parents:
5208
diff
changeset
|
13 <p>Here’s your authorization code, copy and paste it into {client.client_name}</p> |
7998b49d6512
mod_http_oauth2: Create proper template for OOB code delivery
Kim Alvefur <zash@zash.se>
parents:
5208
diff
changeset
|
14 <div class="oob"> |
5515
f5931ce9b6ca
mod_http_oauth2: Present OOB code in an input field for easier selection
Kim Alvefur <zash@zash.se>
parents:
5495
diff
changeset
|
15 <p><input readonly name="authorization_code" value="{authorization_code}"></p> |
5208
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 </div> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 </main> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 </body> |
aaa64c647e12
mod_http_oauth2: Add authentication, consent and error pages
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 </html> |