apart from localhost, allow only https

Son NK 2019-07-23 19:40:56 +02:00 committed by Son NK
parent d600bbfec0
commit 01e19485eb
1 changed files with 3 additions and 1 deletions


@ -55,9 +55,11 @@ def authorize():
# check if redirect_uri is valid
# allow localhost by default
# todo: only allow https
hostname, scheme = get_host_name_and_scheme(redirect_uri)
if hostname != "localhost":
if scheme != "https":
return "Only https is supported", 400
if not RedirectUri.get_by(client_id=client.id, uri=redirect_uri):
return f"{redirect_uri} is not authorized", 400
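Review bot: The new scheme check only runs when the hostname is not `localhost`, so a `redirect_uri` whose host is `localhost` is still accepted with any scheme, not just `http` or `https`. Localhost URIs also appear to skip the `RedirectUri.get_by` lookup (indentation is lost on this page, so the nesting is inferred), so it would be safer to reject unexpected schemes before the `hostname != "localhost"` branch, e.g. `if scheme not in ("http", "https"): return "Only http and https are supported", 400`. `get_host_name_and_scheme` is not visible here, so confirm it returns a lower-cased scheme and hostname before they are compared against literals. The `# todo: only allow https` comment is now stale and could become `# non-localhost redirect URIs must use https and be registered for the client`. `authorize()` starts and continues outside this hunk.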