oadmin/sub2api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: harden oidc callback security

Browse Source
This commit is contained in:
IanShaw027
2026-04-20 16:23:42 +08:00
parent 584ded2182
commit d3d4267731
4 changed files with 143 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/internal/config/config_test.go
View File

@@ -334,7 +334,7 @@ func TestValidateLinuxDoFrontendRedirectURL(t *testing.T) {
cfg.LinuxDo.ClientSecret = "test-secret"
cfg.LinuxDo.RedirectURL = "https://example.com/api/v1/auth/oauth/linuxdo/callback"
cfg.LinuxDo.TokenAuthMethod = "client_secret_post"
cfg.LinuxDo.UsePKCE = false
cfg.LinuxDo.UsePKCE = true
cfg.LinuxDo.FrontendRedirectURL = "javascript:alert(1)"
err = cfg.Validate()