FEATURE: Allow wildcard in allowed_user_api_auth_redirects setting (#6779)

2025-05-29 01:31:35 +08:00 · 2019-02-26 17:03:20 +01:00
parent 8c706b0ff7
commit 75aaae5d5c
4 changed files with 22 additions and 2 deletions
--- a/app/controllers/user_api_keys_controller.rb
+++ b/app/controllers/user_api_keys_controller.rb
@ -53,7 +53,7 @@ class UserApiKeysController < ApplicationController

    if params.key?(:auth_redirect) && SiteSetting.allowed_user_api_auth_redirects
        .split('|')
-        .none? { |u| params[:auth_redirect] == u }
+        .none? { |u| WildcardUrlChecker.check_url(u, params[:auth_redirect]) }

      raise Discourse::InvalidAccess
    end