From d6087dc45e8be35cd90056fd99cae98a9cf4b8a0 Mon Sep 17 00:00:00 2001 From: Stavros Date: Sat, 18 Jul 2026 18:06:26 +0300 Subject: [PATCH] fix: allow for mismatching protocol in trusted domain check - ui warnings --- frontend/src/lib/hooks/redirect-uri.ts | 4 ---- internal/controller/oauth_controller.go | 4 +--- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/frontend/src/lib/hooks/redirect-uri.ts b/frontend/src/lib/hooks/redirect-uri.ts index 920a13a5..f7048ffe 100644 --- a/frontend/src/lib/hooks/redirect-uri.ts +++ b/frontend/src/lib/hooks/redirect-uri.ts @@ -114,10 +114,6 @@ export const isTrustedDomain = ( return false; } - if (url.protocol != appUrl.protocol) { - return false; - } - if (getEffectivePort(url) != getEffectivePort(appUrl)) { return false; } diff --git a/internal/controller/oauth_controller.go b/internal/controller/oauth_controller.go index afaa0120..00eae837 100644 --- a/internal/controller/oauth_controller.go +++ b/internal/controller/oauth_controller.go @@ -313,8 +313,7 @@ func (controller *OAuthController) getCookieDomain() string { func (controller *OAuthController) isRedirectSafe(redirectURI string) bool { v := validators.NewDomainValidator(validators.DomainValidatorOptions{ - WithScheme: true, - WithPort: true, + WithPort: true, }) _, err := v.SafeHostname(controller.runtime.AppURL) @@ -333,7 +332,6 @@ func (controller *OAuthController) isRedirectSafe(redirectURI string) bool { controller.log.App.Debug().Err(err).Msg("Failed to validate redirect URI") if errors.Is(err, validators.ErrInvalidURL) || - errors.Is(err, validators.ErrSchemeMismatch) || errors.Is(err, validators.ErrPortMismatch) { return false }