fix: disable callback URLs with protocols "javascript" and "data" (#1397)

Alessandro (Ale) Segala
2026-04-02 17:01:44 -07:00
committed by GitHub
parent e825a58b39
commit 2b94535ade
6 changed files with 103 additions and 54 deletions


@@ -125,9 +125,7 @@ func (s *OidcService) getJWKCache(ctx context.Context) (*jwk.Cache, error) {
func (s *OidcService) Authorize(ctx context.Context, input dto.AuthorizeOidcClientRequestDto, userID, ipAddress, userAgent string) (string, string, error) {
tx := s.db.Begin()
defer func() {
tx.Rollback()
}()
defer tx.Rollback()
var client model.OidcClient
err := tx.