check oauth2 authorization code redirect for exact 'code' query parameter (#1777)

Co-authored-by: Stefan Grüttner <stefan.gruettner@deutschebahn.com>
2024-11-21 23:43:15 +01:00 · 2024-03-22 14:13:12 +01:00 · 2024-03-22 14:13:12 +01:00 · 753ca4341f
commit 753ca4341f
parent e278116356
1 changed files with 1 additions and 1 deletions
--- a/packages/bruno-electron/src/ipc/network/authorize-user-in-window.js
+++ b/packages/bruno-electron/src/ipc/network/authorize-user-in-window.js
@ -24,7 +24,7 @@ const authorizeUserInWindow = ({ authorizeUrl, callbackUrl, session }) => {

    function onWindowRedirect(url) {
      // check if the url contains an authorization code
-      if (url.match(/(code=).*/)) {
+      if (new URL(url).searchParams.has('code')) {
        finalUrl = url;
        if (!url || !finalUrl.includes(callbackUrl)) {
          reject(new Error('Invalid Callback Url'));