Browse Source
Use appSubUrl for OAuth2 callback URL tip (#28266) (#28275)
Backport #28266 by @earl-warren
- When crafting the OAuth2 callbackURL take into account `appSubUrl`,
which is quite safe given that its strictly formatted.
- No integration testing as this is all done in Javascript.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1795
(cherry picked from commit 27cb6b7956)
Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
tags/v1.21.2
Giteabot
5 months ago
1 changed files with 3 additions and 2 deletions
+ 3
- 2
web_src/js/features/admin/common.js
View File
| @@ -2,7 +2,7 @@ import $ from 'jquery'; | |||
| import {checkAppUrl} from '../common-global.js'; | |||
| import {hideElem, showElem, toggleElem} from '../../utils/dom.js'; | |||
| const {csrfToken} = window.config; | |||
| const {csrfToken, appSubUrl} = window.config; | |||
| export function initAdminCommon() { | |||
| if ($('.page-content.admin').length === 0) { | |||
| @@ -172,7 +172,8 @@ export function initAdminCommon() { | |||
| if ($('.admin.authentication').length > 0) { | |||
| $('#auth_name').on('input', function () { | |||
| $('#oauth2-callback-url').text(`${window.location.origin}/user/oauth2/${encodeURIComponent($(this).val())}/callback`); | |||
| // appSubUrl is either empty or is a path that starts with `/` and doesn't have a trailing slash. | |||
| $('#oauth2-callback-url').text(`${window.location.origin}${appSubUrl}/user/oauth2/${encodeURIComponent($(this).val())}/callback`); | |||
| }).trigger('input'); | |||
| } | |||
Loading…