Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5244:fa7bd721a3f6
mod_http_oauth2: Fix validation of informative URIs
Iterating over wrong table
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 11 Mar 2023 22:58:47 +0100 |
| parents | d5dc8edb2695 |
| children | e22cae58141d |
comparison
equal
deleted
inserted
replaced
| 5243:d5dc8edb2695 | 5244:fa7bd721a3f6 |
|---|---|
| 610 elseif components.scheme == "https" then | 610 elseif components.scheme == "https" then |
| 611 redirect_hosts:add(components.host); | 611 redirect_hosts:add(components.host); |
| 612 end | 612 end |
| 613 end | 613 end |
| 614 | 614 |
| 615 for field, prop_schema in pairs(registration_schema) do | 615 for field, prop_schema in pairs(registration_schema.properties) do |
| 616 if prop_schema.format == "uri" and client_metadata[field] then | 616 if prop_schema.format == "uri" and client_metadata[field] then |
| 617 local components = url.parse(client_metadata[field]); | 617 local components = url.parse(client_metadata[field]); |
| 618 if components.scheme ~= "https" then | 618 if components.scheme ~= "https" then |
| 619 return oauth_error("invalid_request", "Insecure URI forbidden"); | 619 return oauth_error("invalid_request", "Insecure URI forbidden"); |
| 620 end | 620 end |