Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Portal doesn't reject fragment in redirect URI (#) #35

Closed
DonMartin76 opened this issue Nov 30, 2016 · 0 comments
Closed

Portal doesn't reject fragment in redirect URI (#) #35

DonMartin76 opened this issue Nov 30, 2016 · 0 comments
Milestone
0.11.0

Comments

@DonMartin76
Copy link
Member

It's possible to use a fragment delimiter in the redirect URI of an application; this is in turn (deep down) rejected by Kong.

You can notice such errors by monitoring the pending events on the kong adapter; if these never reach 0, some event could not be processed in the back end.

Workaround: Don't use fragments in the redirect URI.

Fix: Reject the hash character in redirect URIs.
@DonMartin76 DonMartin76 added this to the 0.10.2 milestone Nov 30, 2016
DonMartin76 added a commit to apim-haufe-io/wicked.api that referenced this issue Nov 30, 2016
@DonMartin76
Haufe-Lexware/wicked.haufe.io#35 Reject hash tags in redirect URI
8b28acb
@DonMartin76 DonMartin76 modified the milestones: 0.11.0, 0.10.2 Dec 8, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.11.0
Development

No branches or pull requests
1 participant
@DonMartin76