sendnrw/pocket-id
2
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2026-03-30 03:06:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: disable callback URLs with protocols "javascript" and "data"

Browse Source
This commit is contained in:
ItalyPaleAle
2026-03-26 20:18:13 -07:00
parent a06d9d21e4
commit 76da41f126
6 changed files with 103 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/internal/service/oidc_service.go
View File

@@ -125,9 +125,7 @@ func (s *OidcService) getJWKCache(ctx context.Context) (*jwk.Cache, error) {
func (s *OidcService) Authorize(ctx context.Context, input dto.AuthorizeOidcClientRequestDto, userID, ipAddress, userAgent string) (string, string, error) {
tx := s.db.Begin()
defer func() {
tx.Rollback()
}()
defer tx.Rollback()
var client model.OidcClient
err := tx.