sendnrw/pocket-id
2
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2026-03-27 17:56:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: disable callback URLs with protocols "javascript" and "data"

Browse Source
This commit is contained in:
ItalyPaleAle
2026-03-26 20:18:13 -07:00
parent a06d9d21e4
commit 76da41f126
6 changed files with 103 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
backend/internal/controller/oidc_controller.go
View File

@@ -89,12 +89,19 @@ type OidcController struct {
// @Router /api/oidc/authorize [post]
func (oc *OidcController) authorizeHandler(c *gin.Context) {
var input dto.AuthorizeOidcClientRequestDto
if err := c.ShouldBindJSON(&input); err != nil {
err := c.ShouldBindJSON(&input)
if err != nil {
_ = c.Error(err)
return
}
code, callbackURL, err := oc.oidcService.Authorize(c.Request.Context(), input, c.GetString("userID"), c.ClientIP(), c.Request.UserAgent())
code, callbackURL, err := oc.oidcService.Authorize(
c.Request.Context(),
input,
c.GetString("userID"),
c.ClientIP(),
c.Request.UserAgent(),
)
if err != nil {
_ = c.Error(err)
return