disallow fragments in redirect uris for dynamic clients, closes #622

pull/620/merge
Justin Richer 2014-06-18 14:49:29 -04:00
parent 4e52543091
commit 6589cd717d
1 changed files with 5 additions and 0 deletions


@ -493,6 +493,11 @@ public class ClientDynamicRegistrationEndpoint {
// return an error
throw new ValidationException("invalid_client_uri", "Redirect URI is not allowed: " + uri, HttpStatus.BAD_REQUEST);
}
if (uri.contains("#")) {
// if it contains the hash symbol then it has a fragment, which isn't allowed
throw new ValidationException("invalid_redirect_uri", "Redirect URI can not have a fragment", HttpStatus.BAD_REQUEST);
}
}
}
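Review bot: The new fragment branch throws with the code `invalid_redirect_uri`, while the blacklist branch directly above it rejects the same field with `invalid_client_uri`, so a registering client gets two different error codes for a refused redirect URI. `invalid_redirect_uri` is the code the OAuth dynamic client registration specification defines for this case, so the older throw looks like the one to align. The inline comment could also record why fragments are refused, for example `// RFC 6749 section 3.1.2: the redirection endpoint URI must not include a fragment component`. The enclosing method starts outside the hunk, so whether the client-update path runs through this same loop is not visible here and is worth confirming.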