set redirect URI matching to strict by default

pull/823/merge
Justin Richer 2017-05-10 17:39:59 -04:00
parent 7e6864ff38
commit 2f31ceddf8
2 changed files with 3 additions and 1 deletions


@ -1,5 +1,7 @@
Unreleased: Unreleased:
- Added changelog - Added changelog
- Set default redirect URI resolver strict matching to true
- Fixed XSS vulnerability on redirect URI display on approval page
*1.3.1*: *1.3.1*:
- Added End Session endpoint - Added End Session endpoint


@ -47,7 +47,7 @@ public class BlacklistAwareRedirectResolver extends DefaultRedirectResolver {
@Autowired @Autowired
private ConfigurationPropertiesBean config; private ConfigurationPropertiesBean config;
private boolean strictMatch = false; private boolean strictMatch = true;
/* (non-Javadoc) /* (non-Javadoc)
* @see org.springframework.security.oauth2.provider.endpoint.RedirectResolver#resolveRedirect(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails) * @see org.springframework.security.oauth2.provider.endpoint.RedirectResolver#resolveRedirect(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails)
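Review bot: The `strictMatch` field on the changed line carries no comment, although its default now decides how strictly a requested redirect URI is compared with a client's registered ones, which is a security-relevant setting for an authorization server. I would add above it something like `// When true, a requested redirect URI must match a registered one exactly; defaults to true so lenient matching is opt-in.` The code that reads the flag lies outside this hunk, so the wording of "exactly" should be confirmed against the matching method before it is committed. The diffstat lists only the changelog and this class, so nothing in the commit pins the new default; a small test asserting the default on a freshly constructed resolver would keep it from being flipped back unnoticed.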