mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-07-14 14:01:34 +00:00
fix: use case insensitive check in the oauth controller
This commit is contained in:
@@ -335,7 +335,7 @@ func (controller *OAuthController) isRedirectSafe(redirectURI string) bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
if u.Host == au.Host {
|
if strings.EqualFold(u.Host, au.Host) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -343,7 +343,7 @@ func (controller *OAuthController) isRedirectSafe(redirectURI string) bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
if strings.HasSuffix(u.Host, "."+au.Host) {
|
if strings.HasSuffix(strings.ToLower(u.Host), "."+strings.ToLower(controller.runtime.CookieDomain)) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user