diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2022-05-26 22:03:54 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-26 22:03:54 +0200 |
commit | 96129c2f10a82520648f6ae04e585cf797403617 (patch) | |
tree | f79f7302c33e695066c13e665e6d023ea05717e7 /config | |
parent | 3e0e7a1cfb617837ccada330afc13ed804c3c47b (diff) |
Fix confirmation redirect to app without `Location` header (#18523)
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/doorkeeper.rb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index f78db8653..84b649f5c 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -128,6 +128,13 @@ Doorkeeper.configure do # force_ssl_in_redirect_uri false + # Specify what redirect URI's you want to block during Application creation. + # Any redirect URI is whitelisted by default. + # + # You can use this option in order to forbid URI's with 'javascript' scheme + # for example. + forbid_redirect_uri { |uri| %w[data vbscript javascript].include?(uri.scheme.to_s.downcase) } + # Specify what grant flows are enabled in array of Strings. The valid # strings and the flows they enable are: # |