Backport #28266 by @earl-warren - When crafting the OAuth2 callbackURL take into account `appSubUrl`, which is quite safe given that its strictly formatted. - No integration testing as this is all done in Javascript. - Resolves https://codeberg.org/forgejo/forgejo/issues/1795 (cherry picked from commit27cb6b7956
) Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com> Co-authored-by: Gusted <postmaster@gusted.xyz> (cherry picked from commit84e65afffd
)
This commit is contained in:
parent
13c0df40de
commit
8aee1ae8e9
1 changed files with 3 additions and 2 deletions
|
@ -2,7 +2,7 @@ import $ from 'jquery';
|
||||||
import {checkAppUrl} from '../common-global.js';
|
import {checkAppUrl} from '../common-global.js';
|
||||||
import {hideElem, showElem, toggleElem} from '../../utils/dom.js';
|
import {hideElem, showElem, toggleElem} from '../../utils/dom.js';
|
||||||
|
|
||||||
const {csrfToken} = window.config;
|
const {csrfToken, appSubUrl} = window.config;
|
||||||
|
|
||||||
export function initAdminCommon() {
|
export function initAdminCommon() {
|
||||||
if ($('.page-content.admin').length === 0) {
|
if ($('.page-content.admin').length === 0) {
|
||||||
|
@ -172,7 +172,8 @@ export function initAdminCommon() {
|
||||||
|
|
||||||
if ($('.admin.authentication').length > 0) {
|
if ($('.admin.authentication').length > 0) {
|
||||||
$('#auth_name').on('input', function () {
|
$('#auth_name').on('input', function () {
|
||||||
$('#oauth2-callback-url').text(`${window.location.origin}/user/oauth2/${encodeURIComponent($(this).val())}/callback`);
|
// appSubUrl is either empty or is a path that starts with `/` and doesn't have a trailing slash.
|
||||||
|
$('#oauth2-callback-url').text(`${window.location.origin}${appSubUrl}/user/oauth2/${encodeURIComponent($(this).val())}/callback`);
|
||||||
}).trigger('input');
|
}).trigger('input');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue