diff options
| author | SteveTheEngineer <sthesengineer@gmail.com> | 2022-06-20 18:37:54 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-20 16:37:54 +0100 |
| commit | 1e2c2edab6d4233b81b8c21a36c426dc99084bbd (patch) | |
| tree | 01f26ab8c5c69ca750e5cdcdcb458fa91b683d97 /options/locale/locale_hu-HU.ini | |
| parent | 0649c542759163899c262132f44420221e7383eb (diff) | |
| download | gitea-1e2c2edab6d4233b81b8c21a36c426dc99084bbd.tar.gz gitea-1e2c2edab6d4233b81b8c21a36c426dc99084bbd.zip | |
Catch the error before the response is processed by goth. (#20000)
The code introduced by #18185 gets the error from response after it was processed by goth.
That is incorrect, as goth (and golang.org/x/oauth) doesn't really care about the error, and it sends a token request with an empty authorization code to the server anyway, which always results in a `oauth2: cannot fetch token: 400 Bad Request` error from goth.
It means that unless the "state" parameter is omitted from the error response (which is required to be present, according to [RFC 6749, Section 4.1.2.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1)) or the page is reloaded (makes the session invalid), a 500 Internal Server Error page will be displayed.
This fixes it by handling the error before the request is passed to goth.
Diffstat (limited to 'options/locale/locale_hu-HU.ini')
0 files changed, 0 insertions, 0 deletions