check oauth2 authorization code redirect for exact 'code' query parameter (#1777)
Co-authored-by: Stefan Grüttner <stefan.gruettner@deutschebahn.com>
parent
e278116356
commit
753ca4341f
@ -24,7 +24,7 @@ const authorizeUserInWindow = ({ authorizeUrl, callbackUrl, session }) => {
|
|||||||
|
|
||||||
function onWindowRedirect(url) {
|
function onWindowRedirect(url) {
|
||||||
// check if the url contains an authorization code
|
// check if the url contains an authorization code
|
||||||
if (url.match(/(code=).*/)) {
|
if (new URL(url).searchParams.has('code')) {
|
||||||
finalUrl = url;
|
finalUrl = url;
|
||||||
if (!url || !finalUrl.includes(callbackUrl)) {
|
if (!url || !finalUrl.includes(callbackUrl)) {
|
||||||
reject(new Error('Invalid Callback Url'));
|
reject(new Error('Invalid Callback Url'));
|
||||||
|
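Review bot: The callback check right after `finalUrl = url;` is still a substring test, `finalUrl.includes(callbackUrl)`, so it accepts any redirect URL that merely contains the callback string somewhere (for instance inside a query value) rather than one that actually targets the callback endpoint. Since this change already parses the URL, the parsed form could be compared instead: `const redirect = new URL(url); const expected = new URL(callbackUrl);` followed by `if (redirect.origin !== expected.origin || redirect.pathname !== expected.pathname)`; whether the pathname must match exactly depends on how callbackUrl is configured, which is not visible here. Separately, `new URL(url)` throws on an empty or unparsable string before the `!url` guard can run, so that guard should move ahead of the parse, or the parse should sit in a try/catch that calls `reject`. The body of onWindowRedirect continues outside the hunk.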