fix: allow for mismatching protocol in trusted domain check - ui warnings

This commit is contained in:
Stavros
2026-07-18 18:06:26 +03:00
parent 6efb970673
commit d6087dc45e
2 changed files with 1 additions and 7 deletions
-4
View File
@@ -114,10 +114,6 @@ export const isTrustedDomain = (
return false; return false;
} }
if (url.protocol != appUrl.protocol) {
return false;
}
if (getEffectivePort(url) != getEffectivePort(appUrl)) { if (getEffectivePort(url) != getEffectivePort(appUrl)) {
return false; return false;
} }
+1 -3
View File
@@ -313,8 +313,7 @@ func (controller *OAuthController) getCookieDomain() string {
func (controller *OAuthController) isRedirectSafe(redirectURI string) bool { func (controller *OAuthController) isRedirectSafe(redirectURI string) bool {
v := validators.NewDomainValidator(validators.DomainValidatorOptions{ v := validators.NewDomainValidator(validators.DomainValidatorOptions{
WithScheme: true, WithPort: true,
WithPort: true,
}) })
_, err := v.SafeHostname(controller.runtime.AppURL) _, err := v.SafeHostname(controller.runtime.AppURL)
@@ -333,7 +332,6 @@ func (controller *OAuthController) isRedirectSafe(redirectURI string) bool {
controller.log.App.Debug().Err(err).Msg("Failed to validate redirect URI") controller.log.App.Debug().Err(err).Msg("Failed to validate redirect URI")
if errors.Is(err, validators.ErrInvalidURL) || if errors.Is(err, validators.ErrInvalidURL) ||
errors.Is(err, validators.ErrSchemeMismatch) ||
errors.Is(err, validators.ErrPortMismatch) { errors.Is(err, validators.ErrPortMismatch) {
return false return false
} }