You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
##Wildcard for authorized origin URLs gives invalid origin error
Description
I think the latest update may have broke something regarding the wildcard for authorized origin urls. When i have https://*.example.com in my authorized origin urls, a request from https://foo.example.com produces this: Invalid origin uri https://foo.example.com/
I know that there is a trailing slash in the origin uri but i think this should not affect this.
However if i add the full domain to the authorized origin urls it will work and does not produce any error.
Thanks for letting us know @beezerk23 - this is most likely occuring on a GET request to FusionAuth. In this case we fall back to the Referer header if the Origin is not present.
When using wild cards we take the entire value for matching, so we need to remove any path or query parameters from this value before validating.
##Wildcard for authorized origin URLs gives invalid origin error
Description
I think the latest update may have broke something regarding the wildcard for authorized origin urls. When i have
https://*.example.com
in my authorized origin urls, a request fromhttps://foo.example.com
produces this:Invalid origin uri https://foo.example.com/
I know that there is a trailing slash in the origin uri but i think this should not affect this.
However if i add the full domain to the authorized origin urls it will work and does not produce any error.
Affects versions
1.45.1
Steps to reproduce
Should be clear from the description.
Expected behavior
That the wildcard works as expected.
Related
post_logout_redirect_uri
against wildcards #2166The text was updated successfully, but these errors were encountered: