Allow auth redirect to non-localhost (#1346)

Allow non-localhost clients to complete OAuth.
Solomon
2025-11-24 14:04:46 +00:00
committed by GitHub
parent c2a10aaf72
commit 44b7f749c5


@@ -464,12 +464,19 @@ fn is_allowed_return_to(url: &Url, public_origin: &str) -> bool {
return true; return true;
} }
url.scheme() == "https" if url.scheme() == "https"
&& Url::parse(public_origin).ok().is_some_and(|public_url| { && Url::parse(public_origin).ok().is_some_and(|public_url| {
public_url.scheme() == "https" public_url.scheme() == "https"
&& public_url.host_str().is_some() && public_url.host_str().is_some()
&& url.host_str() == public_url.host_str() && url.host_str() == public_url.host_str()
}) })
{
return true;
}
// Log and allow web-hosted clients. Rely on PKCE for security.
tracing::info!(%url, "allowing external redirect URL");
true
} }
fn hash_sha256_hex(input: &str) -> String { fn hash_sha256_hex(input: &str) -> String {
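Review bot: After this hunk `is_allowed_return_to` returns `true` on every path, so the `https`/same-host condition above the new block is no longer a restriction and the function no longer rejects any URL — that branch now only decides whether the `tracing::info!` line runs. Relying on PKCE covers interception of the authorization code, but it does not cover an attacker-supplied `return_to` being used as an open redirect from the public origin, which is worth stating in a doc comment on the function (its signature and the localhost branch are outside the hunk) so callers know the name no longer implies enforcement. If the permissive behavior is intended, log it at a level that can be alerted on, `tracing::warn!(%url, "allowing redirect URL outside public origin");`, and consider still returning `false` for schemes other than `http`/`https` unless custom-scheme native clients are a supported case.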