comparison mod_http_oauth2/mod_http_oauth2.lua @ 5244:fa7bd721a3f6

mod_http_oauth2: Fix validation of informative URIs Iterating over wrong table
author Kim Alvefur <zash@zash.se>
date Sat, 11 Mar 2023 22:58:47 +0100
parents d5dc8edb2695
children e22cae58141d
comparison
equal deleted inserted replaced
5243:d5dc8edb2695 5244:fa7bd721a3f6
610 elseif components.scheme == "https" then 610 elseif components.scheme == "https" then
611 redirect_hosts:add(components.host); 611 redirect_hosts:add(components.host);
612 end 612 end
613 end 613 end
614 614
615 for field, prop_schema in pairs(registration_schema) do 615 for field, prop_schema in pairs(registration_schema.properties) do
616 if prop_schema.format == "uri" and client_metadata[field] then 616 if prop_schema.format == "uri" and client_metadata[field] then
617 local components = url.parse(client_metadata[field]); 617 local components = url.parse(client_metadata[field]);
618 if components.scheme ~= "https" then 618 if components.scheme ~= "https" then
619 return oauth_error("invalid_request", "Insecure URI forbidden"); 619 return oauth_error("invalid_request", "Insecure URI forbidden");
620 end 620 end