# HG changeset patch
# User Kim Alvefur
# Date 1678569922 -3600
# Node ID 001908044d0d0fa9a70a16d1a77493145d6aca67
# Parent 8620a635106e7885852d0e2a7261f1788d5adb77
mod_http_oauth2: Validate that redirect URIs are absolute
diff -r 8620a635106e -r 001908044d0d mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua Sat Mar 11 22:30:58 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua Sat Mar 11 22:25:22 2023 +0100
@@ -602,7 +602,7 @@
 for _, redirect_uri in ipairs(client_metadata.redirect_uris) do
 local components = url.parse(redirect_uri);
- if not components then
+ if not components or not components.scheme then
 return oauth_error("invalid_request", "Invalid redirect URI.");
 end
 end
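Review bot: The new condition `if not components or not components.scheme then` accepts any URI that merely has a scheme, so a registration with a `javascript:` or `data:` redirect URI, or an `http`/`https` one with no host, still passes this loop. RFC 6749 section 3.1.2 also requires that a redirection URI carry no fragment, which is not checked here. Assuming `url` is LuaSocket's `socket.url` (the require is outside the hunk), the parsed table exposes `host` and `fragment`, so the guard could become `if not components or not components.scheme or components.fragment then`, plus a check that `http`/`https` URIs have a `host`. The enclosing function starts and ends outside the hunk, so a scheme policy may already be enforced elsewhere; if it is not, a short comment above the loop stating which schemes registered clients may use would help.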