mirrors/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-10-26 12:27:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use appSubUrl for OAuth2 callback URL tip (#28266)

Browse Source 
- When crafting the OAuth2 callbackURL take into account `appSubUrl`,
which is quite safe given that its strictly formatted.
- No integration testing as this is all done in Javascript.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1795

(cherry picked from commit 27cb6b7956136f87aa78067d9adb5a4c4ce28a24)

Co-authored-by: Gusted <postmaster@gusted.xyz>
This commit is contained in:
Earl Warren
2023-11-29 02:37:12 +01:00
committed by GitHub
parent cb8298b717
commit 8b45a4d366
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
web_src/js/features/admin/common.js
View File

@@ -2,7 +2,7 @@ import $ from 'jquery';
import {checkAppUrl} from '../common-global.js'; import {checkAppUrl} from '../common-global.js';
import {hideElem, showElem, toggleElem} from '../../utils/dom.js'; import {hideElem, showElem, toggleElem} from '../../utils/dom.js';
const {csrfToken} = window.config; const {csrfToken, appSubUrl} = window.config;
export function initAdminCommon() { export function initAdminCommon() {
if ($('.page-content.admin').length === 0) { if ($('.page-content.admin').length === 0) {
@@ -172,7 +172,8 @@ export function initAdminCommon() {
if ($('.admin.authentication').length > 0) { if ($('.admin.authentication').length > 0) {
$('#auth_name').on('input', function () { $('#auth_name').on('input', function () {
$('#oauth2-callback-url').text(`${window.location.origin}/user/oauth2/${encodeURIComponent($(this).val())}/callback`); // appSubUrl is either empty or is a path that starts with `/` and doesn't have a trailing slash.
$('#oauth2-callback-url').text(`${window.location.origin}${appSubUrl}/user/oauth2/${encodeURIComponent($(this).val())}/callback`);
}).trigger('input'); }).trigger('input');
} }