Mercurial > prosody-modules
changeset 5240:001908044d0d
mod_http_oauth2: Validate that redirect URIs are absolute
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 11 Mar 2023 22:25:22 +0100 |
parents | 8620a635106e |
children | 65892dd1d4ae |
files | mod_http_oauth2/mod_http_oauth2.lua |
diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua Sat Mar 11 22:30:58 2023 +0100 +++ b/mod_http_oauth2/mod_http_oauth2.lua Sat Mar 11 22:25:22 2023 +0100 @@ -602,7 +602,7 @@ for _, redirect_uri in ipairs(client_metadata.redirect_uris) do local components = url.parse(redirect_uri); - if not components then + if not components or not components.scheme then return oauth_error("invalid_request", "Invalid redirect URI."); end end