github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

set redirect URI matching to strict by default

pull/823/merge
Justin Richer 8 years ago
parent
7e6864ff38
commit
2f31ceddf8
2 changed files with 3 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      CHANGELOG.md
  2. 2
      openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java

2
CHANGELOG.md
Unescape View File

@ -1,5 +1,7 @@
Unreleased:
- Added changelog
- Set default redirect URI resolver strict matching to true
- Fixed XSS vulnerability on redirect URI display on approval page
*1.3.1*:
- Added End Session endpoint

2
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java
Unescape View File

@ -47,7 +47,7 @@ public class BlacklistAwareRedirectResolver extends DefaultRedirectResolver {
@Autowired
private ConfigurationPropertiesBean config;
private boolean strictMatch = false;
private boolean strictMatch = true;
/* (non-Javadoc)
* @see org.springframework.security.oauth2.provider.endpoint.RedirectResolver#resolveRedirect(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails)

Write Preview
Loading…
Cancel
Save