mirrors/pocket-id
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2026-02-15 18:40:07 +00:00
Code Activity

fix: mark any callback url as valid if they contain a wildcard (#1006)

Browse Source
This commit is contained in:
Elias Schneider
2025-10-07 08:18:53 +02:00
committed by GitHub
parent 694f266dea
commit cbf0e3117d
2 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
backend/internal/dto/validations.go
View File

@@ -67,14 +67,12 @@ func ValidateClientID(clientID string) bool {
// ValidateCallbackURL validates callback URLs with support for wildcards // ValidateCallbackURL validates callback URLs with support for wildcards
func ValidateCallbackURL(raw string) bool { func ValidateCallbackURL(raw string) bool {
if raw == "*" { // Don't validate if it contains a wildcard
if strings.Contains(raw, "*") {
return true return true
} }
// Replace all '*' with 'x' to check if the rest is still a valid URI u, err := url.Parse(raw)
test := strings.ReplaceAll(raw, "*", "x")
u, err := url.Parse(test)
if err != nil { if err != nil {
return false return false
} }

6
frontend/src/lib/utils/zod-util.ts
View File

@@ -14,9 +14,11 @@ export const callbackUrlSchema = z
.nonempty() .nonempty()
.refine( .refine(
(val) => { (val) => {
if (val === '*') return true; if (val.includes('*')) {
return true;
}
try { try {
new URL(val.replace(/\*/g, 'x')); new URL(val);
return true; return true;
} catch { } catch {
return false; return false;