This repository has been archived by the owner on Jul 31, 2024. It is now read-only.
Issue
The string comparison approach for path detection in the `ValidateAllowedCorsOriginsAsync` method on `DefaultClientConfigurationValidator` does not account for origins explicitly stating port 80 (with http) and 443 (when using https). This is because the `Uri` parser normalises the URL.

https://github.com/IdentityServer/IdentityServer4/blob/master/src/IdentityServer4/src/Validation/Default/DefaultClientConfigurationValidator.cs#L151
Normalization is good but is there a reason for paths being detected by string length comparison? Can I PR a different approach?
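The behaviour reported above, as an added example that is not part of the original issue and not IdentityServer4 code: `System.Uri` drops an explicit default port, so a length comparison against the configured string reports a path that is not there, while a check on the parsed components does not. The class name, both method names, the assumed shape of the length-based check and the sample origins are all hypothetical.

```csharp
using System;

// Added illustration; names are hypothetical, not taken from IdentityServer4.
public static class CorsOriginCheck
{
    // Assumed shape of a length-based path check: compare the configured
    // string with the authority part that System.Uri hands back.
    public static bool LengthBasedHasPath(string origin)
    {
        var uri = new Uri(origin);
        return uri.GetLeftPart(UriPartial.Authority).Length != origin.Length;
    }

    // Component-based check: inspect the parsed parts instead of string lengths.
    // An unparsable value or a trailing slash is treated as "not a bare origin".
    public static bool ComponentBasedHasPath(string origin)
    {
        if (!Uri.TryCreate(origin, UriKind.Absolute, out var uri)) return true;
        return uri.AbsolutePath != "/"
            || uri.Query.Length > 0
            || uri.Fragment.Length > 0
            || origin.EndsWith("/", StringComparison.Ordinal);
    }

    public static void Main()
    {
        // Constructed sample origins.
        string[] origins =
        {
            "https://app.example.com",          // bare origin
            "https://app.example.com:443",      // explicit default https port
            "http://app.example.com:80",        // explicit default http port
            "https://app.example.com:8443",     // non-default port is preserved
            "https://app.example.com/callback", // real path
            "https://app.example.com/",         // trailing slash
        };

        foreach (var origin in origins)
        {
            var uri = new Uri(origin);
            Console.WriteLine(
                $"{origin,-34} authority={uri.GetLeftPart(UriPartial.Authority),-30} " +
                $"length-based={LengthBasedHasPath(origin),-5} " +
                $"component-based={ComponentBasedHasPath(origin)}");
        }
    }
}
```

The two checks disagree only on the `:443` and `:80` rows, where the length-based check flags a path and the component-based check does not.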